cardholder.theperfectgift.ca Open in urlscan Pro
216.104.233.144 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Submission: On December 29 via api (December 29th 2021, 7:44:55 pm UTC) from CA — Scanned from CA

Summary HTTP 59 Redirects Links 10 Behaviour Indicators

Summary

This website contacted 12 IPs in 1 countries across 11 domains to perform 59 HTTP transactions. The main IP is 216.104.233.144, located in United States and belongs to CENTURYLINK-LEGACY-SAVVIS, US. The main domain is cardholder.theperfectgift.ca.
TLS certificate: Issued by DigiCert SHA2 Secure Server CA on August 14th 2020. Valid for: 2 years.

This is the only time cardholder.theperfectgift.ca was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
10	216.104.233.144 216.104.233.144	3561 (CENTURYLI...) (CENTURYLINK-LEGACY-SAVVIS)
2	2607:f8b0:400... 2607:f8b0:4006:822::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:bcf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
5	13.225.63.122 13.225.63.122	16509 (AMAZON-02) (AMAZON-02)
12	2606:4700::68... 2606:4700::6812:1940	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2606:2800:11f... 2606:2800:11f:1cb7:261b:1f9c:2074:3c	15133 (EDGECAST) (EDGECAST)
4	2607:f8b0:400... 2607:f8b0:4006:823::2003	15169 (GOOGLE) (GOOGLE)
1	2607:f8b0:400... 2607:f8b0:4006:817::200e	15169 (GOOGLE) (GOOGLE)
14	13.77.127.157 13.77.127.157	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	151.101.194.137 151.101.194.137	54113 (FASTLY) (FASTLY)
3	162.247.243.146 162.247.243.146	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	54.161.154.147 54.161.154.147	14618 (AMAZON-AES) (AMAZON-AES)
59	12

10 216.104.233.144 (United States)

ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US)

cardholder.theperfectgift.ca	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2607:f8b0:4006:822::200a (United States)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 13.225.63.122 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-225-63-122.ewr53.r.cloudfront.net

consent.trustarc.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

12 2606:4700::6812:1940 (United States)

ASN13335 (CLOUDFLARENET, US)

client-api.arkoselabs.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:2800:11f:1cb7:261b:1f9c:2074:3c (United States)

ASN15133 (EDGECAST, US)

cdn-us.trustev.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.trustev.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2607:f8b0:4006:823::2003 (United States)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2607:f8b0:4006:817::200e (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

14 13.77.127.157 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

app.trustev.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.194.137 (United States)

ASN54113 (FASTLY, US)

js-agent.newrelic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 162.247.243.146 (United States)

ASN13335 (CLOUDFLARENET, US)

bam-cell.nr-data.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 54.161.154.147 (United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-161-154-147.compute-1.amazonaws.com

mpsnare.iesnare.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
16	trustev.com cdn-us.trustev.com cdn.trustev.com app.trustev.com	45 KB
12	arkoselabs.com client-api.arkoselabs.com	178 KB
10	theperfectgift.ca cardholder.theperfectgift.ca	372 KB
5	trustarc.com consent.trustarc.com	35 KB
4	gstatic.com fonts.gstatic.com	62 KB
3	iesnare.com mpsnare.iesnare.com	22 KB
3	nr-data.net bam-cell.nr-data.net	2 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com	30 KB
2	googleapis.com fonts.googleapis.com	2 KB
1	newrelic.com js-agent.newrelic.com	17 KB
1	google-analytics.com www.google-analytics.com	20 KB
59	11

	Domain	Requested by
14	app.trustev.com	cardholder.theperfectgift.ca
12	client-api.arkoselabs.com	cardholder.theperfectgift.ca client-api.arkoselabs.com
10	cardholder.theperfectgift.ca	cardholder.theperfectgift.ca
5	consent.trustarc.com	cardholder.theperfectgift.ca
4	fonts.gstatic.com	fonts.googleapis.com
3	mpsnare.iesnare.com	cardholder.theperfectgift.ca
3	bam-cell.nr-data.net	cardholder.theperfectgift.ca
2	maxcdn.bootstrapcdn.com	cardholder.theperfectgift.ca
2	fonts.googleapis.com	cardholder.theperfectgift.ca client
1	js-agent.newrelic.com	cardholder.theperfectgift.ca
1	cdn.trustev.com	cardholder.theperfectgift.ca
1	www.google-analytics.com	cardholder.theperfectgift.ca
1	cdn-us.trustev.com	cardholder.theperfectgift.ca
59	13

This site contains links to these domains. Also see Links.

Domain
www.theperfectgift.ca
cardholder.jokercard.ca
blackhawknetwork.com

Subject Issuer	Validity	Valid
*.theperfectgift.ca DigiCert SHA2 Secure Server CA	`2020-08-14` - `2022-08-31`	2 years	crt.sh
upload.video.google.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2021-03-01` - `2022-02-28`	a year	crt.sh
*.trustarc.com Go Daddy Secure Certificate Authority - G2	`2020-05-21` - `2022-07-17`	2 years	crt.sh
arkoselabs.com Cloudflare Inc ECC CA-3	`2021-10-06` - `2022-10-05`	a year	crt.sh
sni1d11bgl.wpc.edgecastcdn.net DigiCert SHA2 Secure Server CA	`2020-02-28` - `2022-03-04`	2 years	crt.sh
*.gstatic.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2021-11-29` - `2022-02-21`	3 months	crt.sh
sni16c6gl.wpc.edgecastcdn.net DigiCert TLS RSA SHA256 2020 CA1	`2021-07-09` - `2022-08-09`	a year	crt.sh
*.trustev.com DigiCert SHA2 Secure Server CA	`2020-07-20` - `2022-10-23`	2 years	crt.sh
js-agent.newrelic.com GlobalSign Atlas R3 DV TLS CA H2 2021	`2021-10-06` - `2022-11-07`	a year	crt.sh
*.nr-data.net DigiCert SHA2 Secure Server CA	`2020-02-05` - `2022-02-08`	2 years	crt.sh
mpsnare.iesnare.com DigiCert SHA2 Extended Validation Server CA	`2021-04-27` - `2022-05-24`	a year	crt.sh

This page contains 3 frames:

Primary Page: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Frame ID: 7936FEABC87AC110CC0F96582C581FD3
Requests: 40 HTTP requests in this frame

Frame: https://cdn.trustev.com/trustevIFrame.html
Frame ID: 341FA4FFAFB8506CEDC69E081EFC46A4
Requests: 1 HTTP requests in this frame

Frame: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
Frame ID: 81CC041CDFB6E042AC05A31E8E2EA0AC
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The Perfect Gift™

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

TrustArc (Cookie compliance) Expand

Overall confidence: 100%
Detected patterns

consent\.trustarc\.com

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

59
Requests

100 %
HTTPS

50 %
IPv6

11
Domains

13
Subdomains

12
IPs

1
Countries

785 kB
Transfer

1410 kB
Size

8
Cookies

10 Outgoing links

These are links going to different origins than the main page.

URL: https://www.theperfectgift.ca/

Search URL Search Domain Scan URL

URL: https://cardholder.jokercard.ca/?lang=en-US
Title: Register the Joker Prepaid Mastercard®

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/#features
Title: FEATURES & BENEFITS

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/#purchase
Title: WHERE CAN I PURCHASE?

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/contests
Title: CONTESTS

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/#faq
Title: FAQ

Search URL Search Domain Scan URL

URL: https://blackhawknetwork.com/ca-en/privacy-policy
Title: PRIVACY POLICY

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/#cardholder-agreement
Title: CARDHOLDER AGREEMENT

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/dispute-transaction
Title: DISPUTE TRANSACTIONS

Search URL Search Domain Scan URL

URL: https://www.theperfectgift.ca/contact
Title: CONTACT US

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

59 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request / Show response
cardholder.theperfectgift.ca/ 53 KB
54 KB 480ms
189ms Document
text/html 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

2003a2eb0f13d463f7613e4dc734bfcfccfc66dbbbd0a362769e4a0aa66f564a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9

Response headers

Cache-Control: private
Content-Type: text/html; charset=utf-8
X-TraceId: MjNlZGJmZWMtMWJjNi00MDRjLWI1NDQtZTJlMzQzNzFjZDIw
X-Frame-Options: DENY
X-XSS-Protection: 1; mode=block
X-Content-Type-Options: nosniff
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Date: Wed, 29 Dec 2021 19:44:43 GMT
Content-Length: 54087

GET
H2 200 css
fonts.googleapis.com/ 8 KB
1 KB 92ms
39ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700,300|Roboto

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

6a3e500b18d09d02566aba4e446f72f8d94009c325ef69b986fd14404e8a5bca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 18:51:29 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 19:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 19:44:44 GMT

GET
H2 200 bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/ 115 KB
20 KB 57ms
24ms Stylesheet
text/css 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 617
age: 25402630
cdn-cachedat: 2021-03-10 13:26:47
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:58 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: text/css; charset=utf-8
access-control-allow-origin: *
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: 89bf3d90a925614fe2e88c5ad6086c8f
cdn-requestcountrycode: US
cf-ray: 6c55865339247142-YUL
cdn-cache: HIT
cdn-requestpullsuccess: True

GET
H/1.1 200
OK stylesheet.css
cardholder.theperfectgift.ca/317281/styles/ 46 KB
47 KB 204ms
124ms Stylesheet
text/css 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/styles/stylesheet.css?v=1.0.8004.32152

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

1da8d46f207eaebaeec82fa0150db751e38798e1a94f376716bc2b577daf6851

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:43 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 19:44:44 GMT
X-Frame-Options: DENY
Vary: *
Content-Type: text/css
Cache-Control: public, max-age=31536000
X-TraceId: MmUyMjY5ZDMtNDc5Ny00ODg3LWI0YmItMzQ5NmI2NzQ4YWYw
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 47209
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Dec 2022 19:44:44 GMT

GET
H/1.1 200
OK jquery Show response
cardholder.theperfectgift.ca/317281/bundles/ 130 KB
131 KB 388ms
214ms Script
text/javascript 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/bundles/jquery

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b4e0e4bafdba979ed97fde06c409478becd96dde7a53023aae7858a19f15a67b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 18:47:23 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: DENY
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 133121
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Dec 2022 18:47:23 GMT

GET
H/1.1 200
OK handlebars Show response
cardholder.theperfectgift.ca/317281/bundles/ 70 KB
71 KB 358ms
182ms Script
text/javascript 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/bundles/handlebars

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

15d5fa7b09ec5daed0f12dd10bb995a4285a8a3e0d3fd5155768f1ceba4bda60

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 18:47:23 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: DENY
Vary: User-Agent
Content-Type: text/javascript; charset=utf-8
Cache-Control: public
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 71637
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Dec 2022 18:47:23 GMT

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/ 36 KB
10 KB 28ms
25ms Script
application/javascript 2606:4700::6812:bcf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
x-content-type-options: nosniff
cf-cache-status: HIT
cdn-edgestorageid: 718, 718
age: 6490172
cdn-cachedat: 2021-04-13 02:50:03
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
timing-allow-origin: *
access-control-allow-origin: *
last-modified: Mon, 25 Jan 2021 22:03:59 GMT
server: cloudflare
cdn-requestpullcode: 200
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains; preload
content-type: application/javascript; charset=utf-8
cdn-cache: HIT
vary: Accept-Encoding
cache-control: public, max-age=31919000
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cdn-requestid: f555eecc83d07422a81af3803a9b15cc
cf-ray: 6c55865389b87142-YUL
cdn-requestcountrycode: US
cdn-requestpullsuccess: True

GET
H/1.1 200
OK mygift-common-js Show response
cardholder.theperfectgift.ca/317281/bundles/ 19 KB
19 KB 281ms
183ms Script
text/javascript 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/bundles/mygift-common-js?v=1.0.8004.32152

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

3c7059be4e3da47cbced1834b173f9900874178ff4a13321c870644cb2b96a37

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 19073
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 notice Show response
consent.trustarc.com/ 12 KB
5 KB 97ms
33ms Script
text/javascript 13.225.63.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=blackhawknetwork.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=1&language=en-CA

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.63.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-63-122.ewr53.r.cloudfront.net

Software

nginx /

Resource Hash

9acc1904bb4ac1db528d3d46beb20315899bd314075e043f47296c0656254fd7

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cardholder.theperfectgift.ca/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123
x-cache: Hit from cloudfront
cloudfront-viewer-country: CA
content-length: 4832
x-xss-protection: 1; mode=block
timing-allow-origin: *
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 2d922ab79d41a826404f05ff416bb98c.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: EWR53-C1
cloudfront-viewer-country-region: QC
x-amz-cf-id: vKrl4tuiJSfNECf4skSHrOWmOqooXPRI1i4lW0EAZ8RbpKdkiYGEmQ==
expires: Wed, 29 Dec 2021 20:42:41 GMT

GET
H/1.1 200
OK analyticsjs Show response
cardholder.theperfectgift.ca/317281/bundles/ 1 KB
2 KB 303ms
128ms Script
text/javascript 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/bundles/analyticsjs?v=1.0.8004.32152

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

9f3beccf1c6cdb59aa5773bade850027f18a6d1d8f4a0b66fc45dbb28f0932e0

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 1526
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK captcha-common-js Show response
cardholder.theperfectgift.ca/317281/bundles/ 1 KB
2 KB 276ms
101ms Script
text/javascript 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/bundles/captcha-common-js?v=1.0.8004.32152

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

63b88c463dc3d0437f448c38ab457130966998f2ba18da1aba620f98cdd677a8

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 1493
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H2 200 api.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ 109 KB
34 KB 101ms
27ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/api.js

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fcb0cacbd8deca3da4cc7e2cbe0ac0f909440cebd0abacbfa5531eb58ad2235a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6500228
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: 11M7X08HJS3YKP26
x-amz-id-2: /c4er7lAb0B7YX8UY/gTQ4MJgFvT7PYEvguK83fNJdtTW/fqLh8be27kBJ8GICCoQ6og6NF9GMI=
last-modified: Tue, 06 Apr 2021 03:29:14 GMT
server: cloudflare
etag: W/"5d502d167197b74540c0d3d6ecff5104"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=0, s-maxage=31536000
x-amz-version-id: null
cf-ray: 6c55865758df4bcb-YUL

GET
H2 200 trustev.min.js Show response
cdn-us.trustev.com/ 35 KB
35 KB 133ms
35ms Script
application/octet-stream 2606:2800:11f:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn-us.trustev.com/trustev.min.js
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (cha/80CB) /
Resource Hash: aeb978c283f75e5d28bded65b65f4bbf2c867414162039f8ded5b6b75eb1d94e

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-ms-lease-status: unlocked
x-ms-blob-type: BlockBlob
date: Wed, 29 Dec 2021 19:44:44 GMT
last-modified: Fri, 02 Jul 2021 10:04:41 GMT
server: ECAcc (cha/80CB)
content-md5: OFhEminLbkyWdOZ2y0OACw==
age: 466670
etag: "0x8D93D40CF976310"
x-cache: HIT
content-type: application/octet-stream
x-ms-request-id: 8753e920-601e-0004-1fad-f8953d000000
x-ms-version: 2014-02-14
accept-ranges: bytes
content-length: 35386
x-ms-lease-state: available

GET
H/1.1 200
OK trustev-common-js Show response
cardholder.theperfectgift.ca/317281/bundles/ 522 B
1 KB 364ms
164ms Script
text/javascript 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to

Full URL

https://cardholder.theperfectgift.ca/317281/bundles/trustev-common-js?v=1.0.8004.32152

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

7bd74ff5ad848a3e27e4fe787cbb8ae74f60d42c0c8ce6f76ae9a486508d601b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
Content-Type: text/javascript; charset=utf-8
Cache-Control: no-cache
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 522
X-XSS-Protection: 1; mode=block
Expires: -1

GET
H/1.1 200
OK TPG_WORDMARK_ENG.png
cardholder.theperfectgift.ca/Content/Images/ 44 KB
45 KB 101ms
101ms Image
image/png 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cardholder.theperfectgift.ca/Content/Images/TPG_WORDMARK_ENG.png

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

89e1df4b4f39d76829490e604aca3aa9cea2af25176b0b3069635a1490dcc23a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 19:44:44 GMT
X-Frame-Options: DENY
Vary: *
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-TraceId: M2RhZTQ4MjQtN2Y5Ny00MTMzLThjYjMtNzQyNzE4MDgwNjQz
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 45100
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Dec 2022 19:44:44 GMT

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
16 KB 81ms
23ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700,300|Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 19:27:19 GMT
x-content-type-options: nosniff
age: 433045
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15720
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:56 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 19:27:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 49 KB
20 KB 87ms
23ms Script
text/javascript 2607:f8b0:4006:817::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:817::200e , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
last-modified: Tue, 02 Nov 2021 17:39:06 GMT
server: Golfe2
age: 3825
date: Wed, 29 Dec 2021 18:40:59 GMT
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 20006
expires: Wed, 29 Dec 2021 20:40:59 GMT

GET
H2 200 v1.7-940 Show response
consent.trustarc.com/asset/notice.js/v/ 75 KB
24 KB 31ms
29ms Script
text/javascript 13.225.63.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-940
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.63.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-63-122.ewr53.r.cloudfront.net
Software: nginx /
Resource Hash: 917cd441969c201fe537f3c3c47a825d2fd9b68535a5873358b630a5c6a25f0d

Request headers

Referer: https://cardholder.theperfectgift.ca/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:08:46 GMT
content-encoding: gzip
age: 2158
x-cache: Hit from cloudfront
pragma: public
access-control-allow-origin: *
last-modified: Mon, 22 Nov 2021 03:18:10 GMT
server: nginx
vary: Accept-Encoding
content-type: text/javascript
via: 1.1 2d922ab79d41a826404f05ff416bb98c.cloudfront.net (CloudFront)
cache-control: max-age=2592000
x-amz-cf-pop: EWR53-C1
timing-allow-origin: *
x-amz-cf-id: GYbClYlUy9EREyMOwzJz0CGGngdjL2tGrKWHJ204r1R2qbKpPTcgmQ==
expires: Fri, 28 Jan 2022 19:08:46 GMT

GET
H2 200 log
consent.trustarc.com/ 43 B
396 B 165ms
111ms Image
image/gif 13.225.63.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://consent.trustarc.com/log?domain=blackhawknetwork.com&country=ca&state=&behavior=implied&c=0c3a
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 13.225.63.122 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-13-225-63-122.ewr53.r.cloudfront.net
Software: nginx /
Resource Hash: 98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 19:44:44 GMT
via: 1.1 3496707421faf86f68ae341aa8b7d1b9.cloudfront.net (CloudFront)
server: nginx
x-amz-cf-pop: EWR53-C1
vary: Origin
x-cache: Miss from cloudfront
content-type: image/gif
cache-control: private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length: 43
x-amz-cf-id: Aw_dIOmIr3lJpE2wuCJG_pKb-ZLYboykGxGJ7rwVNJPOENTfVD-wlw==
expires: Mon, 26 Jul 1997 05:00:00 GMT

GET
H/1.1 200
OK help-icon.png
cardholder.theperfectgift.ca/content/images/ 296 B
1 KB 170ms
170ms Image
image/png 216.104.233.144
CENTURYLINK-LEGAC...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://cardholder.theperfectgift.ca/content/images/help-icon.png

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/317281/styles/stylesheet.css?v=1.0.8004.32152

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

216.104.233.144 , United States, ASN3561 (CENTURYLINK-LEGACY-SAVVIS, US),

Reverse DNS

Software

Resource Hash

b654913d782f8b38df6f5e468a7a67bb5482cee002471aa584ed685daf034442

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/317281/styles/stylesheet.css?v=1.0.8004.32152
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:44 GMT
X-Content-Type-Options: nosniff
Last-Modified: Wed, 29 Dec 2021 19:44:44 GMT
X-Frame-Options: DENY
Vary: *
Content-Type: image/png
Cache-Control: public, max-age=31536000
X-TraceId: OGEwYTQ2MDEtOWFhMy00YTRlLWE1ODMtOTBjMjI4YmZlYzVk
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' www.google-analytics.com www.google.com www.gstatic.com; connect-src 'self'; img-src 'self' data: www.google-analytics.com; style-src 'self'; frame-src *; object-src 'self'; frame-ancestors 'none'
Content-Length: 296
X-XSS-Protection: 1; mode=block
Expires: Thu, 29 Dec 2022 19:44:44 GMT

GET
H2 200 ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2
fonts.gstatic.com/s/robotocondensed/v19/ 15 KB
15 KB 42ms
31ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700,300|Roboto

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 01:16:07 GMT
x-content-type-options: nosniff
age: 498517
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15640
x-xss-protection: 0
last-modified: Tue, 15 Sep 2020 18:08:37 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 01:16:07 GMT

GET
H2 200 trustevIFrame.html Show response
cdn.trustev.com/ Frame 341F 7 KB
8 KB 150ms
36ms Document
text/html 2606:2800:11f:1cb7:261b:1f9c:2074:3c
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.trustev.com/trustevIFrame.html
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2606:2800:11f:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software: ECAcc (cha/80D8) /
Resource Hash: ea9d101fe0f9989216afd8f7af3ff8ec2d3c70e3e54463eb64556ad0561627dc

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/

Response headers

accept-ranges: bytes
age: 153437
content-type: text/html
date: Wed, 29 Dec 2021 19:44:44 GMT
etag: "0x8D4B2650924FD31"
last-modified: Tue, 13 Jun 2017 14:03:58 GMT
server: ECAcc (cha/80D8)
x-cache: HIT
x-ms-blob-type: BlockBlob
x-ms-lease-state: available
x-ms-lease-status: unlocked
x-ms-request-id: 25c1e04c-101e-0053-2c87-fb3b0e000000
x-ms-version: 2014-02-14
content-length: 7584

OPTIONS
H/1.1 200
OK javascript
app.trustev.com/api/v2.0/configuration/ Frame 0
0 289ms
44ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/configuration/javascript
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: GET
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

GET
H/1.1 200
OK javascript Show response
app.trustev.com/api/v2.0/configuration/ 140 B
495 B 52ms
51ms XHR
application/json 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/configuration/javascript
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 2631a642b5823ff716ff86be7d401be7213010aaeb04c1f03a525de45b9bbc0f

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Expires: -1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Content-Length: 140
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc

OPTIONS
H/1.1 200
OK session
app.trustev.com/api/v2.0/ Frame 0
0 293ms
43ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/session
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

POST
H/1.1 200
OK session Show response
app.trustev.com/api/v2.0/ 125 B
480 B 78ms
78ms XHR
application/json 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/session
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 69d7f077cbc8b156d25ac4493626b8021d54afdfd4f1cc1ca49f839d7fda2609

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Expires: -1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Content-Length: 125
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc

GET
H2 200 notice Show response
consent.trustarc.com/ 16 KB
6 KB 35ms
34ms Script
text/javascript 13.225.63.122
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.63.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-63-122.ewr53.r.cloudfront.net

Software

nginx /

Resource Hash

c0a49c6f942f8f6ff07723340e9f7a1e4fe40f63e3ab9ed5d08e311986ec9f89

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://cardholder.theperfectgift.ca/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:42:41 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 123
x-cache: Hit from cloudfront
cloudfront-viewer-country: CA
content-length: 5136
x-xss-protection: 1; mode=block
timing-allow-origin: *
access-control-allow-origin: *
server: nginx
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/javascript;charset=UTF-8
via: 1.1 2d922ab79d41a826404f05ff416bb98c.cloudfront.net (CloudFront)
cache-control: max-age=3600
x-amz-cf-pop: EWR53-C1
cloudfront-viewer-country-region: QC
x-amz-cf-id: IhXJYpLUtylfiQe4uMWE06koGtbger4-1u5JVKEIre5ovO8j134U-Q==
expires: Wed, 29 Dec 2021 20:42:41 GMT

GET
H2 200 enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 910 B
592 B 28ms
28ms Document
text/html 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c45cd6dee1779c5d47e5829c1228918bc97060b46063c6af1852fecaab8d87d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-type: text/html; charset=utf-8
cf-ray: 6c558657e9924bcb-YUL
age: 6500228
cache-control: public, max-age=31536000, immutable
last-modified: Tue, 06 Apr 2021 03:29:13 GMT
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
cf-cache-status: HIT
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
x-amz-id-2: wifaIyYWtPKZ22LuzqTkl4NpABpXTGZ/p3WVJG9k+G2S54L+D359jPRwAiFcXQy+jX4g8gu0HqE=
x-amz-request-id: 11M6Q0YFENX61TJQ
x-amz-version-id: null
server: cloudflare
content-encoding: br

GET
H3 200 css2
fonts.googleapis.com/ 6 KB
682 B 75ms
43ms Stylesheet
text/css 2607:f8b0:4006:822::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Requested by

Host: client
URL: about:client

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:822::200a , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

084a7135a2401b36223c591e41b2b60f073ab6432a8db01e3aa12708bb92f73e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection: 0
last-modified: Wed, 29 Dec 2021 18:55:35 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
date: Wed, 29 Dec 2021 19:44:44 GMT
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Wed, 29 Dec 2021 19:44:44 GMT

GET
H3 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 55ms
22ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700,300|Roboto

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Tue, 28 Dec 2021 16:23:56 GMT
x-content-type-options: nosniff
age: 98448
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15688
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:19 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Wed, 28 Dec 2022 16:23:56 GMT

GET
H2 200 bannermsg
consent.trustarc.com/ 43 B
434 B 109ms
106ms Image
image/gif 13.225.63.122
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://consent.trustarc.com/bannermsg?action=views&domain=blackhawknetwork.com&behavior=implied&country=ca&language=en&rand=0.2684346474968058

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.225.63.122 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-225-63-122.ewr53.r.cloudfront.net

Software

nginx /

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

pragma: no-cache
date: Wed, 29 Dec 2021 19:44:44 GMT
via: 1.1 3496707421faf86f68ae341aa8b7d1b9.cloudfront.net (CloudFront)
x-content-type-options: nosniff
server: nginx
x-amz-cf-pop: EWR53-C1
x-frame-options: SAMEORIGIN
x-cache: Miss from cloudfront
content-type: image/gif
access-control-allow-origin: *
cache-control: no-cache
content-length: 43
x-xss-protection: 1; mode=block
x-amz-cf-id: m5tcXQf7R5jZXcryJLweZVOuT5HjwOYgA8ObDumgGkfMJ-kbzscMbA==
expires: Wed, 29 Dec 2021 19:44:43 GMT

GET
H2 200 vendors~enforcement.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 83 KB
26 KB 38ms
37ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/vendors~enforcement.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9f0bdd6051b95772f156529f946f2fdf95a6a6f03e85ce08b4686f08ebe34cf4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6500228
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: 11M4MNACACHPAEXX
x-amz-id-2: YodATsjfcoASJykLUVRYlzG3Jzk47fU+BBFeyYCUTJshsFeBoN96wgDoVjXBJlhQNKkeQXyYrLE=
last-modified: Tue, 06 Apr 2021 03:29:14 GMT
server: cloudflare
etag: W/"e4b8b463de06698accb880ca62fea129"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
x-amz-version-id: null
cf-ray: 6c55865839f84bcb-YUL

GET
H2 200 enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 19 KB
6 KB 51ms
51ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

cce8e3b393b60d7941f96605d63bad26d9a3daf21d9bd34ca9086eca2c573a3f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 21632875
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: YYX6TVA58G1GKQJA
x-amz-id-2: H/j0VdFh72qRFveg9ek4S18+0JpYG1ZcKFOqsOYPHjykAfCbBFUXIEXh6yDArzWL5GpyhmcI7/k=
last-modified: Tue, 06 Apr 2021 03:29:14 GMT
server: cloudflare
etag: W/"eabd1317294fcdb9e008780df58524c7"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
cf-request-id: 099fe6d05800004bd641392000000001
cf-ray: 6c55865839f94bcb-YUL

GET
H3 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v29/ 15 KB
15 KB 26ms
25ms Font
font/woff2 2607:f8b0:4006:823::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap

Protocol

Security

QUIC, , AES_128_GCM

Server

2607:f8b0:4006:823::2003 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://cardholder.theperfectgift.ca
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Fri, 24 Dec 2021 01:28:42 GMT
x-content-type-options: nosniff
age: 497762
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length: 15828
x-xss-protection: 0
last-modified: Wed, 22 Sep 2021 16:13:28 GMT
server: sffe
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
cross-origin-opener-policy-report-only: same-origin; report-to="apps-themes"
expires: Sat, 24 Dec 2022 01:28:42 GMT

GET
H2 200 10.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 8 KB
4 KB 52ms
51ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/10.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a805789fc58f381b3237682c5fc065002861e26acd2b3eab8c9418ca292d85b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6488705
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: WKP07MEF2BKE75PH
x-amz-id-2: /ZmMFY4koJa5juzJ2F9LNkfluoj4BjHZhXl6gqFF4E3YlWVeAQe3E4fwuGeoNZ76/IWI9gJUHFs=
last-modified: Tue, 06 Apr 2021 03:29:13 GMT
server: cloudflare
etag: W/"30feb401c948fd57811185870a7a0474"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
x-amz-version-id: null
cf-ray: 6c558658ca9f4bcb-YUL

GET
H2 200 0.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 113 KB
37 KB 29ms
28ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/0.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0eb2917886075a75ba60e0ef606ef9b119f7fe108a4113b62d66fc32fb4a794f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 7864819
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: PBP30N510XFX9WHA
x-amz-id-2: nP9JX7prICR2a27XbUrQ9HfAJmTB9Nt0/9/T/Nm09uvwWpUND5Zw+McCZlh2D+XGgukc2km35zg=
last-modified: Tue, 06 Apr 2021 03:29:14 GMT
server: cloudflare
etag: W/"667126e8e5b5d581a9fc957ecc453536"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
x-amz-version-id: null
cf-ray: 6c558658caa34bcb-YUL

GET
H2 200 public-key-settings0.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 289 B
408 B 36ms
36ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/public-key-settings0.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db276bd9581293ba3071e741a5a2bed3b48d0e0cc7d9eceeed0a3ab862fbcd52

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6493337
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: FCMTSZV9WAVQ53MN
x-amz-id-2: c8XtANGraTrOZgF7QFV4eB+GUY81zawCBj6ttXJeLeKCgn4a5jTHvIJL3FS6wOlUc7vlA3D/Rss=
last-modified: Tue, 06 Apr 2021 03:29:13 GMT
server: cloudflare
etag: W/"65a7463671aad44af34c1da361413912"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
x-amz-version-id: null
cf-ray: 6c558658caa44bcb-YUL

GET
H2 200 8.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 69 KB
24 KB 36ms
35ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/8.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

db22980844446ed8f55ab8d5e4231091c7ccb01b6db460f20dce3b775d103890

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6500227
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: FFJ9DXWZMKNN1553
x-amz-id-2: yqydcC/k7x6zV+a3SHjXciAPqdxRHkJWwo0wxn4o45cG8Ta36Hbzd5TZMxykJnCE2WhWcyGk0HM=
last-modified: Tue, 06 Apr 2021 03:29:14 GMT
server: cloudflare
etag: W/"6b7194433e62f40578ddb35db8520445"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
x-amz-version-id: null
cf-ray: 6c558658caa54bcb-YUL

GET
H2 200 9.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 9 KB
3 KB 48ms
46ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/9.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

06e3450facb206c074af3771b234b4de9a072b49a31c0dbe16039b51406e6939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 21632874
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: YYXEA9Q1X8P6YTGZ
x-amz-id-2: MitLgzyecQ0ORj2/nhMk0zhNgZb9avRt2u8yi7KVpT0MIBvR5pBcQQt+I/qdu9hHIuaBjP/Z4Kc=
last-modified: Tue, 06 Apr 2021 03:29:13 GMT
server: cloudflare
etag: W/"3f327a6b7b5052bab0968454498d9158"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
cf-request-id: 099fe6d18000004bd632040000000001
cf-ray: 6c558658caad4bcb-YUL

GET
H2 200 / Show response
client-api.arkoselabs.com/fc/api/ Frame 81CC 376 B
407 B 30ms
30ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/fc/api/?onload=loadChallenge

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

90e48db62e92d9941057d0f872a34cee766f3976613bec123bef2176d6d919dd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
server: cloudflare
etag: W/"60e92447dba1c3c93aad1eef1e436ef9240d70e8|sha384-v1YyrKAlKSU7AZEtpbF4YfMlXi477saIFvoJDp5x/YhL3xVeXMyyiUQ8iEZ1k3YP"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary: Accept-Encoding
content-type: application/javascript
cache-control: public, no-cache
strict-transport-security: max-age=31536000; includeSubDomains
cf-ray: 6c558658caaf4bcb-YUL

GET
H2 200 public-key-style0.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js Show response
client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/ Frame 81CC 244 B
410 B 47ms
47ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/public-key-style0.bundle.1f63963fa8e6cd5508fe3ad68e811d25.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.js

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f82cd25b87862f16c26bd65ce8127f63d970ac872084a73883fc554bb4e0a04e

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 6500227
cache-tag: 25F047CE-AC4D-A023-583D-14FEE20E4E1E
x-amz-request-id: 11MBVFDVGM536RR3
x-amz-id-2: rwTfCBAe36Qn+4ehZOJfGTg5jAnaN1F4OdOWJG6TZvXXsjBJhNLtdUouwByLEY+qyLHAlEKc4i0=
last-modified: Tue, 06 Apr 2021 03:29:13 GMT
server: cloudflare
etag: W/"fbdf07cbb352a05eec15e1289e911600"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
content-type: application/javascript; charset=utf-8
cache-control: public, max-age=31536000, immutable
x-amz-version-id: null
cf-ray: 6c558658cab14bcb-YUL

GET
H2 200 nr-spa-1212.min.js Show response
js-agent.newrelic.com/ 44 KB
17 KB 54ms
16ms Script
application/javascript 151.101.194.137
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://js-agent.newrelic.com/nr-spa-1212.min.js
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.194.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

x-amz-version-id: wY72Ah.NJX5KzzqRFK3uhSo3Jh07tDe4
content-encoding: gzip
etag: "8bd93bf0ecb2f4e971a2055a41402bb6"
x-amz-request-id: HFEZYP6ZP4JYCVWD
x-cache: HIT
cross-origin-resource-policy: cross-origin
content-length: 16636
x-amz-id-2: dJ0BkI1jAp+pR0bJsLkoMDir0AxL3+lgsSzUqIN3yOISkz5A99dyyjzKZBGW9VU+JjRRau7086c=
x-served-by: cache-yul12832-YUL
last-modified: Thu, 04 Nov 2021 21:16:16 GMT
server: AmazonS3
x-timer: S1640807085.967051,VS0,VE0
date: Wed, 29 Dec 2021 19:44:44 GMT
vary: Accept-Encoding
content-type: application/javascript
via: 1.1 varnish
cache-control: public, max-age=7200, stale-if-error=604800
accept-ranges: bytes
x-cache-hits: 4816

GET
H2 200 funcaptcha_api.js Show response
client-api.arkoselabs.com/cdn/fc/js/60e92447dba1c3c93aad1eef1e436ef9240d70e8/standard/ Frame 81CC 122 KB
42 KB 33ms
31ms Script
application/javascript 2606:4700::6812:1940
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://client-api.arkoselabs.com/cdn/fc/js/60e92447dba1c3c93aad1eef1e436ef9240d70e8/standard/funcaptcha_api.js

Requested by

Host: client-api.arkoselabs.com
URL: https://client-api.arkoselabs.com/fc/api/?onload=loadChallenge

Protocol

Security

TLS 1.2, ECDHE_ECDSA, CHACHA20_POLY1305

Server

2606:4700::6812:1940 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

3b33f12c79c8ad442f7c6a0e3f42dffaefeca6becab9a9150d22f8b46cbcce26

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/enforcement.1f63963fa8e6cd5508fe3ad68e811d25.html
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

date: Wed, 29 Dec 2021 19:44:44 GMT
content-encoding: br
vary: Accept-Encoding
cf-cache-status: HIT
age: 1263184
cf-ray: 6c5586590aef4bcb-YUL
x-amz-request-id: EJBVA0DSN56P5Y8V
x-amz-id-2: kK3o0OP19rqDIbpuFdr1vP+Uaj2s/WvfFqXyxmHMAW1I/5D184aJiGPr3bPQsEDTWGPcGC7AVZ0=
last-modified: Tue, 14 Dec 2021 22:16:39 GMT
server: cloudflare
etag: W/"eee80dfb0642dc9f83805c9fed85e26c"
expect-ct: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security: max-age=31536000; includeSubDomains
x-amz-version-id: 1gPewU3TCJqPtVYTS5xkJ05kgZvE176h
access-control-allow-origin: *
cache-control: public, max-age=31536000, immutable
content-type: application/javascript; charset=utf-8

GET
H/1.1 200
OK 673ac2fa6e Show response
bam-cell.nr-data.net/1/ 49 B
725 B 111ms
63ms Script
text/javascript 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/1/673ac2fa6e?a=1737192560&v=1212.e95d35c&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=1558&ck=1&ref=https://cardholder.theperfectgift.ca/&qt=1&ap=68&be=563&fe=1480&dc=1252&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1640807083441,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:15,%22c%22:15,%22s%22:27,%22ce%22:291,%22rq%22:291,%22rp%22:480,%22rpe%22:639,%22dl%22:483,%22di%22:1251,%22ds%22:1251,%22de%22:1278,%22dc%22:1480,%22l%22:1480,%22le%22:1485%7D,%22navigation%22:%7B%7D%7D&fp=1245&fcp=1245&jsonp=NREUM.setToken
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:45 GMT
Content-Encoding: gzip
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: text/javascript
Access-Control-Allow-Origin: *
Transfer-Encoding: chunked
Cross-Origin-Resource-Policy: cross-origin
Connection: keep-alive
access-control-allow-credentials: true
CF-Ray: 6c5586599c2a7133-YUL

GET
H/1.1 200
OK wdp.js Show response
mpsnare.iesnare.com/early5/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/ 44 KB
20 KB 149ms
45ms Script
text/javascript 54.161.154.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/early5/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=false&fp_dyn=true&flash=false

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.161.154.147 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-161-154-147.compute-1.amazonaws.com

Software

nginx /

Resource Hash

188815fc62dbc758d4104a6e989877cf71bef672db98cdd96c6060dc2bca995d

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:45 GMT
Content-Encoding: gzip
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: no-cache, private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: 0

OPTIONS
H/1.1 200
OK device
app.trustev.com/api/v2.0/ Frame 0
0 42ms
41ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/device
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

POST
H/1.1 200
OK device Show response
app.trustev.com/api/v2.0/ 0
306 B 51ms
50ms XHR
text/plain 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/device
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Content-Length: 0
Expires: -1

OPTIONS
H/1.1 200
OK detail
app.trustev.com/api/v2.0/Session/872f1794-ad5b-4d68-867c-1eeda86758d4/ Frame 0
0 40ms
40ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/Session/872f1794-ad5b-4d68-867c-1eeda86758d4/detail
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

POST
H/1.1 200
OK detail Show response
app.trustev.com/api/v2.0/Session/872f1794-ad5b-4d68-867c-1eeda86758d4/ 434 B
789 B 128ms
83ms XHR
application/json 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/Session/872f1794-ad5b-4d68-867c-1eeda86758d4/detail
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: ae844cc243f2caf2cf89ec18fdb5f38320ac46fb23c3cb3183c42fcb86bb439b

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Expires: -1
Content-Type: application/json; charset=utf-8
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Content-Length: 434
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc

OPTIONS
H/1.1 200
OK device
app.trustev.com/api/v2.0/ Frame 0
0 83ms
43ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/device
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: POST
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: POST
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

POST
H/1.1 200
OK device Show response
app.trustev.com/api/v2.0/ 0
306 B 50ms
49ms XHR
text/plain 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/device
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Content-Length: 0
Expires: -1

GET
H/1.1 200
OK logo.js Show response
mpsnare.iesnare.com/5.4.0/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/ 477 B
911 B 30ms
30ms Script
text/javascript 54.161.154.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/5.4.0/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/logo.js

Requested by

Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.161.154.147 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-161-154-147.compute-1.amazonaws.com

Software

nginx /

Resource Hash

876e3d23109e549ed64597fe47a406649dfa875b8dd848188b23ae696e5cd541

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Accept-Language: en-CA,en;q=0.9
Referer: https://cardholder.theperfectgift.ca/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36

Response headers

Date: Wed, 29 Dec 2021 19:44:45 GMT
Content-Encoding: gzip
Last-Modified: Tue, 06 May 2014 00:01:40 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
p3p: CP="NON DSP COR CURa"
Accept-CH: ua, ua-arch, ua-platform, ua-model, ua-mobile, ua-full-version, ua-platform-version
Cache-Control: private
Transfer-Encoding: chunked
Connection: keep-alive
Content-Type: text/javascript; charset=utf-8
Expires: Thu, 29 Dec 2022 19:44:45 GMT

GET
H/1.1 206
Partial Content time.mp3
mpsnare.iesnare.com/ 504 B
881 B 31ms
31ms Media
audio/mpeg 54.161.154.147
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://mpsnare.iesnare.com/time.mp3?nocache=0.16273224621001825

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

54.161.154.147 , United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-54-161-154-147.compute-1.amazonaws.com

Software

nginx /

Resource Hash

f77be05f988fdadec5a8283940c6fb571f9f4bb8c1f1a85a1363652a0879d6b8

Security Headers

Name	Value
Strict-Transport-Security	max-age=15552000; includeSubDomains

Request headers

Referer: https://cardholder.theperfectgift.ca/
Accept-Encoding: identity;q=1, *;q=0
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Range: bytes=0-

Response headers

Pragma: public
Date: Wed, 29 Dec 2021 19:44:45 GMT
Server: nginx
Strict-Transport-Security: max-age=15552000; includeSubDomains
Content-Type: audio/mpeg
Content-Range: bytes 0-503/504
Content-Disposition: inline; filename=time.mp3
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 504
Expires: Thu, 01 Jan 1970 00:00:00 GMT

POST
H/1.1 200
OK 673ac2fa6e Show response
bam-cell.nr-data.net/events/1/ 24 B
516 B 55ms
55ms XHR
image/gif 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/673ac2fa6e?a=1737192560&v=1212.e95d35c&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=1831&ck=1&ref=https://cardholder.theperfectgift.ca/
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 29 Dec 2021 19:44:45 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://cardholder.theperfectgift.ca
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6c55865afdd07133-YUL
Content-Length: 24

PUT
H/1.1 200
OK ExtendedDevice Show response
app.trustev.com/api/v2.0/ 0
306 B 98ms
97ms XHR
text/plain 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/ExtendedDevice
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Content-Length: 0
Expires: -1

OPTIONS
H/1.1 200
OK ExtendedDevice
app.trustev.com/api/v2.0/ Frame 0
0 46ms
45ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/ExtendedDevice
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: PUT
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

OPTIONS
H/1.1 200
OK ExtendedDevice
app.trustev.com/api/v2.0/ Frame 0
0 45ms
45ms Preflight 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/ExtendedDevice
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Method: PUT
Access-Control-Request-Headers: content-type,x-publickey,x-tu-dv-js-version
Origin: https://cardholder.theperfectgift.ca
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Sec-Fetch-Mode: cors

Response headers

Content-Length: 0
Access-Control-Allow-Headers: content-type,x-publickey,x-tu-dv-js-version
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: PUT
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Date: Wed, 29 Dec 2021 19:44:44 GMT

PUT
H/1.1 200
OK ExtendedDevice Show response
app.trustev.com/api/v2.0/ 0
306 B 95ms
95ms XHR
text/plain 13.77.127.157
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://app.trustev.com/api/v2.0/ExtendedDevice
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 13.77.127.157 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

X-TU-DV-JS-Version: v3.9.27645
X-PublicKey: 02e5dfa08f7348559768e82dc30cc9b5
Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
Content-Type: application/json

Response headers

Pragma: no-cache
Date: Wed, 29 Dec 2021 19:44:44 GMT
Access-Control-Allow-Origin: *
Access-Control-Expose-Headers: Request-Context,Content-Length,Date,Server
Cache-Control: no-cache
Request-Context: appId=cid-v1:d65921b2-8e68-4ce4-bca8-e9340c0ca8cc
Content-Length: 0
Expires: -1

POST
H/1.1 200
OK 673ac2fa6e Show response
bam-cell.nr-data.net/events/1/ 24 B
516 B 50ms
49ms XHR
image/gif 162.247.243.146
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://bam-cell.nr-data.net/events/1/673ac2fa6e?a=1737192560&v=1212.e95d35c&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=11558&ck=1&ref=https://cardholder.theperfectgift.ca/
Requested by: Host: cardholder.theperfectgift.ca
URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 162.247.243.146 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer: https://cardholder.theperfectgift.ca/
Accept-Language: en-CA,en;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.93 Safari/537.36
content-type: text/plain

Response headers

Date: Wed, 29 Dec 2021 19:44:55 GMT
CF-Cache-Status: DYNAMIC
Server: cloudflare
Expect-CT: max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
Vary: Accept-Encoding
access-control-allow-methods: GET, POST, PUT, HEAD, OPTIONS
Content-Type: image/gif
Access-Control-Allow-Origin: https://cardholder.theperfectgift.ca
access-control-allow-credentials: true
Connection: keep-alive
CF-Ray: 6c558697cbbc7133-YUL
Content-Length: 24

Verdicts & Comments Add Verdict or Comment

84 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
cardholder.theperfectgift.ca/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: s2pfwmqynoxw53kqwnimdalg
cardholder.theperfectgift.ca/	1970-01-20 00:31:25	Name: _culture Value: en-CA
cardholder.theperfectgift.ca/	1969-12-31 23:59:59	Name: __RequestVerificationToken Value: eDONgCen89S6L48LxM5JIN8_XX9kujep_-HawdRzLEZGMo5CzAF9rzuqz4pjGkV9Lij7tMCsMsm7WbbmwA_1Ict4fhAP_cdIVcda80B9jZc1
.cardholder.theperfectgift.ca/	1969-12-31 23:59:59	Name: notice_behavior Value: implied,eu
cardholder.theperfectgift.ca/	1970-01-19 23:46:47	Name: jsConfig-02e5dfa08f7348559768e82dc30cc9b5 Value: {"configuration":{"javascript":{"locationServices":null,"passiveAuth":{"enabled":false,"passiveAuthURL":null},"deviceId":{"enabled":true}}}}
cardholder.theperfectgift.ca/	1970-01-19 23:46:48	Name: tsid-02e5dfa08f7348559768e82dc30cc9b5 Value: 872f1794-ad5b-4d68-867c-1eeda86758d4
.nr-data.net/	1969-12-31 23:59:59	Name: JSESSIONID Value: 3e25fbf53a749da1
mpsnare.iesnare.com/	1970-01-20 08:32:23	Name: io_token_7c6a6574-f011-4c9a-abdd-9894a102ccef Value: +F3op4lMqYvHZuFB6UOShMkvvTdBUUcZUmVPqUFZzMQ=

303 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-Rq5+84vUzw7JpmHM6yzCEN8a6oHSxP+qmZGBlOX94qg='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-31tZ+T5KxVPd7Qsy9w6mhMtLmDvu8sxuLD0c6EiQBgw='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 9) Message: [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css?family=Roboto+Condensed:400,700,300\|Roboto' because it violates the following Content Security Policy directive: "style-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 10) Message: [Report Only] Refused to load the stylesheet 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/css/bootstrap.min.css' because it violates the following Content Security Policy directive: "style-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CwE3Bg0VYQOIdNAkbB/Btdkhul49qZuwgNCMPgNY5zw='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu72xKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7mxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4WxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7WxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCkYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCAYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCgYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCcYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCsYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCoYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-33mZGCQYbw.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19-7DRs5.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19a7DRs5.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-1967DRs5.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19G7DRs5.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-1927DRs5.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19y7DRs5.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCkYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCAYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCgYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCcYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCsYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCoYb8td.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/robotocondensed/v19/ieVi2ZhZI2eCN5jzbjEETS9weq8-32meGCQYbw.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/glyphicons-halflings-regular.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/glyphicons-halflings-regular.woff' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/317281/bundles/jquery Message: [Report Only] Refused to load the font 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.4/fonts/glyphicons-halflings-regular.ttf' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-MZKTI0Eg1N13tshpFaVW65co/LeICXq4hyVx6GWVlK0='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-LpfmXS+4ZtL2uPRZgkoR29Ghbxcfime/CsD/4w5VujE='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-YJO/M9OgDKEBRKGqp4Zd07dzlagbB+qmKgThG52u/Mk='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the script 'https://maxcdn.bootstrapcdn.com/bootstrap/3.3.5/js/bootstrap.min.js' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 30) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-BNpqJtFaVxA0J4fqY7I/pumR1mQweV45dk7Jk2djiYk='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the script 'https://consent.trustarc.com/notice?domain=blackhawknetwork.com&c=teconsent&js=nj&noticeType=bb&text=true&gtm=1&language=en-CA' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 47) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-V3ARoUgetOblHqEyOMsyg+aKHXjDtOk2a02irDL8iJw='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the script 'https://client-api.arkoselabs.com/v2/25F047CE-AC4D-A023-583D-14FEE20E4E1E/api.js' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the script 'https://cdn-us.trustev.com/trustev.min.js' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to load the script 'https://consent.trustarc.com/asset/notice.js/v/v1.7-940' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the image 'https://consent.trustarc.com/log?domain=blackhawknetwork.com&country=ca&state=&behavior=implied&c=0c3a' because it violates the following Content Security Policy directive: "img-src 'self' data: www.google-analytics.com".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 136) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-jL0vPwtKA9fQRMkr/g4czc+uL6o97/qZaFaL3M4fomM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 210) Message: [Report Only] Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-jL0vPwtKA9fQRMkr/g4czc+uL6o97/qZaFaL3M4fomM='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/configuration/javascript' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/session' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-Y4YhHFCyo/BREYP/C8B4z2tIfioIaXiEC560yu0Ne2Q='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to load the script 'https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-47DEQpj8HBSa+/TImW+5JCeuQeRkm5NMpJWZG3hSuFU='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-CB0eCe6R3EQrt90VTtQh62tzTrgN24JfFD5qlBw0Slo='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA(Line 29) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-BD05wHLY4ny/vDdQOGpBDnvZwgeC66B5cEYbMtU4hss='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security	error	URL: https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA(Line 29) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-/kXZODfqoc2myS1eI6wr0HH8lUt+vRhW8H/oL+YJcMg='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security	error	URL: https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA(Line 29) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-4/zV9lCBz1TTXG4Gtp7T26+o3oOfpCXDvlrNqQ3rA7k='), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security	error	URL: https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA(Line 29) Message: [Report Only] Refused to apply inline style because it violates the following Content Security Policy directive: "style-src 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-UAkJh3IttDhwxvpiEiZ7ACsX/kvzuzNc4gy7J7JsZqs='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://consent.trustarc.com/notice?domain=blackhawknetwork.com&country=ca&js=nj2&c=teconsent&noticeType=bb&text=true&gtm=1&language=en-CA(Line 29) Message: [Report Only] Refused to load the stylesheet 'https://fonts.googleapis.com/css2?family=Roboto:wght@400;500;700&display=swap' because it violates the following Content Security Policy directive: "style-src 'self'". Note that 'style-src-elem' was not explicitly set, so 'style-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the image 'https://consent.trustarc.com/bannermsg?action=views&domain=blackhawknetwork.com&behavior=implied&country=ca&language=en&rand=0.2684346474968058' because it violates the following Content Security Policy directive: "img-src 'self' data: www.google-analytics.com".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu72xKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu5mxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7mxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4WxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7WxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu7GxKOzY.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOmCnqEu92Fr1Mu4mxK.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fCRc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fABc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fCBc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBxc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fCxc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fChc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmEU9fBBc4.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load the font 'https://fonts.gstatic.com/s/roboto/v29/KFOlCnqEu92Fr1MmWUlfBBc4.woff2' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'font-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to load the script 'https://js-agent.newrelic.com/nr-spa-1212.min.js' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to load the script 'https://bam-cell.nr-data.net/1/673ac2fa6e?a=1737192560&v=1212.e95d35c&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=1558&ck=1&ref=https://cardholder.theperfectgift.ca/&qt=1&ap=68&be=563&fe=1480&dc=1252&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1640807083441,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:15,%22c%22:15,%22s%22:27,%22ce%22:291,%22rq%22:291,%22rp%22:480,%22rpe%22:639,%22dl%22:483,%22di%22:1251,%22ds%22:1251,%22de%22:1278,%22dc%22:1480,%22l%22:1480,%22le%22:1485%7D,%22navigation%22:%7B%7D%7D&fp=1245&fcp=1245&jsonp=NREUM.setToken' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to load the script 'https://mpsnare.iesnare.com/early5/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=false&fp_dyn=true&flash=false' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/device' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/Session/872f1794-ad5b-4d68-867c-1eeda86758d4/detail' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/device' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to load the script 'https://mpsnare.iesnare.com/5.4.0/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/logo.js' because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://mpsnare.iesnare.com/early5/nLdMddw0jvDUZG3ETn8y0CEt7ZECk8Jm4N-uQ7wPu0k/wdp.js?loaderVer=5.1.0&compat=false&tp=true&tp_split=false&fp_static=false&fp_dyn=true&flash=false(Line 11) Message: [Report Only] Refused to connect to 'wss://mpsnare.iesnare.com/star' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load media from 'https://mpsnare.iesnare.com/time.mp3?nocache=0.16273224621001825' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load media from 'https://mpsnare.iesnare.com/time.mp3?nocache=0.16273224621001825' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://bam-cell.nr-data.net/events/1/673ac2fa6e?a=1737192560&v=1212.e95d35c&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=1831&ck=1&ref=https://cardholder.theperfectgift.ca/' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to load media from 'data:audio/mpeg;base64,/+NIZAAAAAAAAAAAAAAAAAAAAAAAWGluZwAAAA8AAAAAAAACQABAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQECAgICAgICAgICAgICAgICAgICAgICAgICAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwMDAwP////////////////////////////////8AAAAKTEFNRTMuOThyBCgAAAAAAAAAABQIJAbALQABmgAAAkDGbPjAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA/+MYZAAAAAGkAAAAAAAAA0gAAAAATEFNRTMuOTguMlVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV/+MYZDMAAAGkAAAAAAAAA0gAAAAAVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV/+MYZGYAAAGkAAAAAAAAA0gAAAAAVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVVV' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'media-src' was not explicitly set, so 'default-src' is used as a fallback.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA Message: [Report Only] Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'self' www.google-analytics.com www.google.com www.gstatic.com". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/ExtendedDevice' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://app.trustev.com/api/v2.0/ExtendedDevice' because it violates the following Content Security Policy directive: "connect-src 'self'".
security	error	URL: https://cardholder.theperfectgift.ca/?lang%5C=fr-CA(Line 6) Message: [Report Only] Refused to connect to 'https://bam-cell.nr-data.net/events/1/673ac2fa6e?a=1737192560&v=1212.e95d35c&to=ZFVbZUIHC0RWU0IMDF0fdGdzSSRUVF9DCxdwX1dFQgkJW1JCGSkMVFlX&rst=11558&ck=1&ref=https://cardholder.theperfectgift.ca/' because it violates the following Content Security Policy directive: "connect-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

app.trustev.com
bam-cell.nr-data.net
cardholder.theperfectgift.ca
cdn-us.trustev.com
cdn.trustev.com
client-api.arkoselabs.com
consent.trustarc.com
fonts.googleapis.com
fonts.gstatic.com
js-agent.newrelic.com
maxcdn.bootstrapcdn.com
mpsnare.iesnare.com
www.google-analytics.com
13.225.63.122
13.77.127.157
151.101.194.137
162.247.243.146
216.104.233.144
2606:2800:11f:1cb7:261b:1f9c:2074:3c
2606:4700::6812:1940
2606:4700::6812:bcf
2607:f8b0:4006:817::200e
2607:f8b0:4006:822::200a
2607:f8b0:4006:823::2003
54.161.154.147
06e3450facb206c074af3771b234b4de9a072b49a31c0dbe16039b51406e6939
084a7135a2401b36223c591e41b2b60f073ab6432a8db01e3aa12708bb92f73e
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0eaeadb58e6995ba85eccb6198aaef77eeb1d4b66699e4e1f3fc10eb6adfcdb9
0eb2917886075a75ba60e0ef606ef9b119f7fe108a4113b62d66fc32fb4a794f
15d5fa7b09ec5daed0f12dd10bb995a4285a8a3e0d3fd5155768f1ceba4bda60
188815fc62dbc758d4104a6e989877cf71bef672db98cdd96c6060dc2bca995d
1da8d46f207eaebaeec82fa0150db751e38798e1a94f376716bc2b577daf6851
2003a2eb0f13d463f7613e4dc734bfcfccfc66dbbbd0a362769e4a0aa66f564a
2631a642b5823ff716ff86be7d401be7213010aaeb04c1f03a525de45b9bbc0f
3b33f12c79c8ad442f7c6a0e3f42dffaefeca6becab9a9150d22f8b46cbcce26
3c7059be4e3da47cbced1834b173f9900874178ff4a13321c870644cb2b96a37
4a4de7903ea62d330e17410ea4db6c22bcbeb350ac6aa402d6b54b4c0cbed327
53b907326f7c21a04f6d39cc32ff471aafec57d887feabfabb53394f378c659f
63b88c463dc3d0437f448c38ab457130966998f2ba18da1aba620f98cdd677a8
69d7f077cbc8b156d25ac4493626b8021d54afdfd4f1cc1ca49f839d7fda2609
6a3e500b18d09d02566aba4e446f72f8d94009c325ef69b986fd14404e8a5bca
7bd74ff5ad848a3e27e4fe787cbb8ae74f60d42c0c8ce6f76ae9a486508d601b
876e3d23109e549ed64597fe47a406649dfa875b8dd848188b23ae696e5cd541
89e1df4b4f39d76829490e604aca3aa9cea2af25176b0b3069635a1490dcc23a
90e48db62e92d9941057d0f872a34cee766f3976613bec123bef2176d6d919dd
917cd441969c201fe537f3c3c47a825d2fd9b68535a5873358b630a5c6a25f0d
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
9acc1904bb4ac1db528d3d46beb20315899bd314075e043f47296c0656254fd7
9f0bdd6051b95772f156529f946f2fdf95a6a6f03e85ce08b4686f08ebe34cf4
9f3beccf1c6cdb59aa5773bade850027f18a6d1d8f4a0b66fc45dbb28f0932e0
a1925038db769477ab74b4df34350c35688a795bb718727b0f4292a4a78a6210
a805789fc58f381b3237682c5fc065002861e26acd2b3eab8c9418ca292d85b1
ae844cc243f2caf2cf89ec18fdb5f38320ac46fb23c3cb3183c42fcb86bb439b
aeb978c283f75e5d28bded65b65f4bbf2c867414162039f8ded5b6b75eb1d94e
b4e0e4bafdba979ed97fde06c409478becd96dde7a53023aae7858a19f15a67b
b654913d782f8b38df6f5e468a7a67bb5482cee002471aa584ed685daf034442
c0a49c6f942f8f6ff07723340e9f7a1e4fe40f63e3ab9ed5d08e311986ec9f89
c45cd6dee1779c5d47e5829c1228918bc97060b46063c6af1852fecaab8d87d2
c867104326e3c4b658209d8e5bcea0900aaf7fbc2bbc181ca01c482cac2810f3
cc46322d5c4d41da447f26f7fa714827f2ec9a112968c12ef5736c7494985eca
cce8e3b393b60d7941f96605d63bad26d9a3daf21d9bd34ca9086eca2c573a3f
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
db22980844446ed8f55ab8d5e4231091c7ccb01b6db460f20dce3b775d103890
db276bd9581293ba3071e741a5a2bed3b48d0e0cc7d9eceeed0a3ab862fbcd52
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea9d101fe0f9989216afd8f7af3ff8ec2d3c70e3e54463eb64556ad0561627dc
ebfe453394ff1be6ef75d380ab7c5535aea0b51832d045f0d5d0ef7e6535969c
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f77be05f988fdadec5a8283940c6fb571f9f4bb8c1f1a85a1363652a0879d6b8
f82cd25b87862f16c26bd65ce8127f63d970ac872084a73883fc554bb4e0a04e
fcb0cacbd8deca3da4cc7e2cbe0ac0f909440cebd0abacbfa5531eb58ad2235a

cardholder.theperfectgift.ca Open in urlscan Pro 216.104.233.144 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

59 Requests

100 %HTTPS

50 %IPv6

11 Domains

13 Subdomains

12 IPs

1 Countries

785 kBTransfer

1410 kBSize

8 Cookies

10 Outgoing links

Redirected requests

59 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

cardholder.theperfectgift.ca Open in urlscan Pro
216.104.233.144 Public Scan

Screenshot
Live screenshot

Full Image

59
Requests

100 %
HTTPS

50 %
IPv6

11
Domains

13
Subdomains

12
IPs

1
Countries

785 kB
Transfer

1410 kB
Size

8
Cookies

59 HTTP transactions
0 data transactions