urlscan.io logo urlscan.io
SecurityTrails logo

app.monarchmoney.com Open in urlscan Pro
2606:4700:10::6816:3d79  Public Scan

Go To Rescan Add Verdict Report
URL: https://app.monarchmoney.com/plan
Submission: On December 16 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 36 IPs in 6 countries across 27 domains to perform 127 HTTP transactions. The main IP is 2606:4700:10::6816:3d79, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.monarchmoney.com. The Cisco Umbrella rank of the primary domain is 389703.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on April 22nd 2023. Valid for: a year.
This is the only time app.monarchmoney.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 2606:4700:10:... 13335 (CLOUDFLAR...)
1 65.9.95.9 16509 (AMAZON-02)
1 2a04:4e42:400... 54113 (FASTLY)
1 34.117.162.98 396982 (GOOGLE-CL...)
13 184.86.103.95 20940 (AKAMAI-ASN1)
3 2620:1ec:46::63 8075 (MICROSOFT...)
1 65.9.95.7 16509 (AMAZON-02)
1 151.101.1.140 54113 (FASTLY)
4 34.111.186.1 396982 (GOOGLE-CL...)
1 2.16.62.104 20940 (AKAMAI-ASN1)
5 20.114.190.119 8075 (MICROSOFT...)
14 2606:4700:10:... 13335 (CLOUDFLAR...)
1 35.186.247.156 15169 (GOOGLE)
3 151.101.128.176 54113 (FASTLY)
3 104.18.70.113 13335 (CLOUDFLAR...)
1 2600:9000:224... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 184.30.208.159 16625 (AKAMAI-AS)
2 2.21.74.67 20940 (AKAMAI-ASN1)
1 104.18.72.113 13335 (CLOUDFLAR...)
1 104.16.53.111 13335 (CLOUDFLAR...)
1 65.9.95.34 16509 (AMAZON-02)
11 65.9.93.192 16509 (AMAZON-02)
2 50.19.89.137 14618 (AMAZON-AES)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 3 2620:1ec:c11:... 8068 (MICROSOFT...)
3 54.187.119.242 16509 (AMAZON-02)
2 2600:9000:205... 16509 (AMAZON-02)
1 52.10.76.194 16509 (AMAZON-02)
3 142.250.186.162 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
1 146.75.116.157 54113 (FASTLY)
2 2a00:1450:400... 15169 (GOOGLE)
2 2600:9000:212... 16509 (AMAZON-02)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
127 36
18    2606:4700:10::6816:3d79 (United States)

ASN13335 (CLOUDFLARENET, US)
app.monarchmoney.com
1    65.9.95.9 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-9.prg50.r.cloudfront.net
cdn.plaid.com
1    2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
1    34.117.162.98 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.162.117.34.bc.googleusercontent.com
pixel.byspotify.com
13    184.86.103.95 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-86-103-95.deploy.static.akamaitechnologies.com
analytics.tiktok.com
3    2620:1ec:46::63 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    65.9.95.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-7.prg50.r.cloudfront.net
cdn.userleap.com
1    151.101.1.140 (United States)

ASN54113 (FASTLY, US)
alb.reddit.com
4    34.111.186.1 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 1.186.111.34.bc.googleusercontent.com
evnt.byspotify.com
1    2.16.62.104 (Düsseldorf, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-16-62-104.deploy.static.akamaitechnologies.com
analytics.pangle-ads.com
5    20.114.190.119 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
x.clarity.ms
14    2606:4700:10::ac43:5c4 (United States)

ASN13335 (CLOUDFLARENET, US)
features.monarchmoney.com
1    35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com
sentry.io
3    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
3    104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
1    2600:9000:2240:9000:9:a6e8:8080:93a1 (United States)

ASN16509 (AMAZON-02, US)
events-cdn.monarchmoney.com
1    2a00:1450:400c:c02::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
1    184.30.208.159 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-208-159.deploy.static.akamaitechnologies.com
appleid.cdn-apple.com
2    2.21.74.67 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-21-74-67.deploy.static.akamaitechnologies.com
sdk-api-v1.singular.net
1    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
ekr.zdassets.com
1    104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)
monarchmoney.zendesk.com
1    65.9.95.34 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-95-34.prg50.r.cloudfront.net
streaming.split.io
11    65.9.93.192 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-93-192.prg50.r.cloudfront.net
cdn.segment.com
2    50.19.89.137 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-50-19-89-137.compute-1.amazonaws.com
api.sprig.com
2    68.219.88.97 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
3    2620:1ec:c11::200 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
bat.bing.com
3    54.187.119.242 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ip-54-187-119-242.stripe.com
q.stripe.com
2    2600:9000:2057:3400:19:7d10:bd80:93a1 (United States)

ASN16509 (AMAZON-02, US)
m.stripe.network
1    52.10.76.194 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-10-76-194.us-west-2.compute.amazonaws.com
m.stripe.com
3    142.250.186.162 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s08-in-f2.1e100.net
www.googleadservices.com
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
1    146.75.116.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
2    2a00:1450:4001:82a::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2600:9000:2127:3800:d:cf84:bb40:93a1 (United States)

ASN16509 (AMAZON-02, US)
events-api.monarchmoney.com
2    2a00:1450:4001:831::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:810::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
Apex Domain
Subdomains		 Transfer
35 monarchmoney.com
app.monarchmoney.com — Cisco Umbrella Rank: 389703
features.monarchmoney.com — Cisco Umbrella Rank: 185488
api.monarchmoney.com Failed
events-cdn.monarchmoney.com — Cisco Umbrella Rank: 508114
events-api.monarchmoney.com — Cisco Umbrella Rank: 347292
2 MB
13 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 617
161 KB
11 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1681
51 KB
10 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 796
x.clarity.ms — Cisco Umbrella Rank: 7265
c.clarity.ms — Cisco Umbrella Rank: 1377
29 KB
7 stripe.com
js.stripe.com — Cisco Umbrella Rank: 1282
q.stripe.com — Cisco Umbrella Rank: 7730
m.stripe.com — Cisco Umbrella Rank: 1245
165 KB
5 byspotify.com
pixel.byspotify.com — Cisco Umbrella Rank: 10581
evnt.byspotify.com — Cisco Umbrella Rank: 10539
7 KB
4 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 2043
ekr.zdassets.com — Cisco Umbrella Rank: 2264
277 KB
3 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 138
20 KB
3 bing.com
c.bing.com — Cisco Umbrella Rank: 228
bat.bing.com — Cisco Umbrella Rank: 329
15 KB
3 google.com
accounts.google.com — Cisco Umbrella Rank: 23
www.google.com — Cisco Umbrella Rank: 2
81 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 6765
563 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 33
2 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
71 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 168
89 KB
2 stripe.network
m.stripe.network — Cisco Umbrella Rank: 1361
16 KB
2 sprig.com
api.sprig.com — Cisco Umbrella Rank: 4342
1 KB
2 singular.net
sdk-api-v1.singular.net — Cisco Umbrella Rank: 5234
307 B
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 678
15 KB
1 split.io
streaming.split.io — Cisco Umbrella Rank: 3809
1 zendesk.com
monarchmoney.zendesk.com — Cisco Umbrella Rank: 481349
1 KB
1 cdn-apple.com
appleid.cdn-apple.com — Cisco Umbrella Rank: 3485
17 KB
1 sentry.io
sentry.io — Cisco Umbrella Rank: 171
324 B
1 pangle-ads.com
analytics.pangle-ads.com — Cisco Umbrella Rank: 2266
961 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1387
637 B
1 userleap.com
cdn.userleap.com — Cisco Umbrella Rank: 52829
96 KB
1 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1266
9 KB
1 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 13515
43 KB
127 27
Domain Requested by
18 app.monarchmoney.com app.monarchmoney.com
14 features.monarchmoney.com app.monarchmoney.com
13 analytics.tiktok.com app.monarchmoney.com
analytics.tiktok.com
11 cdn.segment.com app.monarchmoney.com
events-cdn.monarchmoney.com
5 x.clarity.ms www.clarity.ms
app.monarchmoney.com
4 evnt.byspotify.com pixel.byspotify.com
app.monarchmoney.com
3 www.googleadservices.com cdn.segment.com
www.googleadservices.com
3 q.stripe.com app.monarchmoney.com
3 static.zdassets.com app.monarchmoney.com
static.zdassets.com
3 js.stripe.com app.monarchmoney.com
js.stripe.com
3 www.clarity.ms app.monarchmoney.com
www.clarity.ms
bat.bing.com
2 www.google.de
2 www.google.com 2 redirects
2 googleads.g.doubleclick.net 2 redirects
2 events-api.monarchmoney.com app.monarchmoney.com
2 www.google-analytics.com cdn.segment.com
www.google-analytics.com
2 bat.bing.com cdn.segment.com
bat.bing.com
2 connect.facebook.net cdn.segment.com
connect.facebook.net
2 m.stripe.network js.stripe.com
m.stripe.network
2 c.clarity.ms 1 redirects
2 api.sprig.com app.monarchmoney.com
2 sdk-api-v1.singular.net app.monarchmoney.com
1 static.ads-twitter.com cdn.segment.com
1 m.stripe.com m.stripe.network
1 c.bing.com 1 redirects
1 streaming.split.io app.monarchmoney.com
1 monarchmoney.zendesk.com static.zdassets.com
1 ekr.zdassets.com app.monarchmoney.com
1 appleid.cdn-apple.com app.monarchmoney.com
1 accounts.google.com app.monarchmoney.com
1 events-cdn.monarchmoney.com app.monarchmoney.com
1 sentry.io app.monarchmoney.com
1 analytics.pangle-ads.com analytics.tiktok.com
1 alb.reddit.com app.monarchmoney.com
1 cdn.userleap.com app.monarchmoney.com
1 pixel.byspotify.com app.monarchmoney.com
1 www.redditstatic.com app.monarchmoney.com
1 cdn.plaid.com app.monarchmoney.com
0 api.monarchmoney.com Failed app.monarchmoney.com
127 39

This site contains no links.

Subject Issuer Validity Valid
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2023-04-22 -
2024-04-21		 a year crt.sh
secure.plaid.com
DigiCert EV RSA CA G2		 2023-03-09 -
2024-04-08		 a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-25 -
2024-02-21		 6 months crt.sh
pixel.byspotify.com
GTS CA 1D4		 2023-11-06 -
2024-02-04		 3 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-07 -
2024-12-07		 a year crt.sh
userleap.com
Amazon RSA 2048 M03		 2023-09-09 -
2024-10-07		 a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-09-01 -
2024-02-28		 6 months crt.sh
prfx.byspotify.com
GTS CA 1D4		 2023-11-11 -
2024-02-09		 3 months crt.sh
*.pangle-ads.com
RapidSSL TLS ECC CA G1		 2023-08-10 -
2024-09-09		 a year crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 06		 2023-02-13 -
2024-02-08		 a year crt.sh
sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-08 -
2024-09-07		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2023-10-30 -
2024-01-25		 3 months crt.sh
zdassets.com
E1		 2023-10-23 -
2024-01-21		 3 months crt.sh
monarchmoney.com
Amazon RSA 2048 M01		 2023-04-10 -
2024-05-08		 a year crt.sh
accounts.google.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
appleid.cdn-apple.com
Apple Public EV Server RSA CA 2 - G1		 2023-11-08 -
2024-02-06		 3 months crt.sh
*.singular.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-05-05 -
2024-05-04		 a year crt.sh
monarchmoney.zendesk.com
Cloudflare Inc ECC CA-3		 2023-05-27 -
2024-05-26		 a year crt.sh
streaming.split.io
Amazon RSA 2048 M01		 2023-03-13 -
2024-04-09		 a year crt.sh
*.segment.com
Amazon RSA 2048 M03		 2023-11-14 -
2024-12-13		 a year crt.sh
istio-gateway.sprig.com
Amazon RSA 2048 M01		 2023-05-23 -
2024-06-20		 a year crt.sh
*.stripe.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1		 2023-10-09 -
2024-01-18		 3 months crt.sh
m.stripe.com
DigiCert TLS RSA SHA256 2020 CA1		 2023-10-05 -
2024-01-18		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2023-09-24 -
2023-12-23		 3 months crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01		 2023-10-24 -
2024-04-21		 6 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2023-11-20 -
2024-02-12		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://app.monarchmoney.com/plan
Frame ID: 787D657D75F96C8A5B043C2AEEBC2F52
Requests: 98 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1bfc6fa.js
Frame ID: DAD2AD118F0262057CB2016DC8D668FA
Requests: 3 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Frame ID: A579DC5059625121C01C407ECE866D41
Requests: 4 HTTP requests in this frame

Frame: https://m.stripe.network/inner.html
Frame ID: B5CE034606E46645DDF797A77AA8BE63
Requests: 4 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Monarch | Sign In

Detected technologies

Overall confidence: 100%
Detected patterns
  • appleid\.auth\.js
Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

127
Requests

86 %
HTTPS

38 %
IPv6

27
Domains

39
Subdomains

36
IPs

6
Countries

3709 kB
Transfer

14270 kB
Size

24
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 82
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9488987ABDEA48CBBACF33D70C698D95&RedC=c.clarity.ms&MXFR=15A3A52311BA6B800757B6CA15BA65CA HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9488987ABDEA48CBBACF33D70C698D95&MUID=3CBE5589D18C6C8C0B304660D08C6D7C
Request Chain 121
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&ocp_id=UfF8ZZ7WNoaE-gbPk5OgCw&sscte=1&crd=&pscrd=IhMI3sL_yduSgwMVBoLeCh3PyQS0 HTTP 302
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI3sL_yduSgwMVBoLeCh3PyQS0&is_vtc=1&ocp_id=UfF8ZZ7WNoaE-gbPk5OgCw&cid=CAQSGwAvHhf_YVNn_Meys3tH6K17mPXLba5Ec8Tjgw&random=35171852&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI3sL_yduSgwMVBoLeCh3PyQS0&is_vtc=1&ocp_id=UfF8ZZ7WNoaE-gbPk5OgCw&cid=CAQSGwAvHhf_YVNn_Meys3tH6K17mPXLba5Ec8Tjgw&random=35171852&resp=GooglemKTybQhCsO&ipr=y
Request Chain 122
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&ocp_id=UfF8ZazZNpOxx_APrLWr4AY&sscte=1&crd=&pscrd=IhMI7MX_yduSgwMVk9gRCB2s2gps HTTP 302
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI7MX_yduSgwMVk9gRCB2s2gps&is_vtc=1&ocp_id=UfF8ZazZNpOxx_APrLWr4AY&cid=CAQSGwAvHhf_V48K-Yi4Vmex8sUiH09wC2Ei4zQYSA&random=2894237215&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI7MX_yduSgwMVk9gRCB2s2gps&is_vtc=1&ocp_id=UfF8ZazZNpOxx_APrLWr4AY&cid=CAQSGwAvHhf_V48K-Yi4Vmex8sUiH09wC2Ei4zQYSA&random=2894237215&resp=GooglemKTybQhCsO&ipr=y

127 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request plan
app.monarchmoney.com/ 		1 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b6480709fa56cad6675cf0514debe8d31ef0ecb4ce722657c46d69706b98c034
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

cache-control
public, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8362dbc9a98f6997-FRA
content-encoding
gzip
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
content-type
text/html; charset=UTF-8
date
Sat, 16 Dec 2023 00:37:34 GMT
expect-ct
max-age=0
last-modified
Fri, 15 Dec 2023 19:27:43 GMT
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy
no-referrer
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 vegur
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
analytics.js
app.monarchmoney.com/ 		2 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/analytics.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"608-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa686997-FRA
reddit.js
app.monarchmoney.com/ 		465 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/reddit.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"1d1-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa696997-FRA
spotify.js
app.monarchmoney.com/ 		560 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/spotify.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"230-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa6a6997-FRA
tiktok.js
app.monarchmoney.com/ 		1 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/tiktok.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"543-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa6b6997-FRA
clarity.js
app.monarchmoney.com/ 		341 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/clarity.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"155-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa6d6997-FRA
userleap.js
app.monarchmoney.com/ 		475 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/userleap.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"1db-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa6e6997-FRA
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		142 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.9 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-9.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2bcc6d8a3ce5d6635877ac053cb215645bfa74d86a1f3fea14d37864d4227347

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id
QwKKEDQUXTf_0Lw2b0ETSEUhVQsrd9qP
content-encoding
gzip
via
1.1 017ac0aeeb057314a9b1c06f8b97ba34.cloudfront.net (CloudFront)
date
Fri, 15 Dec 2023 21:41:22 GMT
x-amz-request-id
P9PXQBSQMK6TYZZA
x-amz-cf-pop
PRG50-C1
x-amz-server-side-encryption
AES256
age
10573
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
MlqErZ+fRMRWtcakt+p8yHQaW4xK2i5MYnZTeRQGQnZKwpyxYLCW2bq/beMmoHLmR4OaZ+PT35U=
last-modified
Thu, 14 Dec 2023 21:27:54 GMT
server
AmazonS3
etag
W/"87214bba3b022f3f15308b3c46127b42"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
7mPhz15VF3Yl2Ss7IMXLiztTMhaASlbtUwpYWhv7Bum_0IrIPwJLcg==
runtime-main.8cd79fd4.js
app.monarchmoney.com/static/js/ 		2 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/js/runtime-main.8cd79fd4.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
609c0f639da2c0424915d89d1a3c8a2302f34aba74692e3a96a1a11ccdfd1b65
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:34 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"96d-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa6f6997-FRA
2.2fbacd7c.chunk.js
app.monarchmoney.com/static/js/ 		6 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a3758b5f3e8a5de73ac41b13a1e2f97504fa4f03a565a5ad3bd7c56a383dad05
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:35 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:43 GMT
server
cloudflare
etag
W/"631521-18c6ef2eb98"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa706997-FRA
main.9a8fe010.chunk.js
app.monarchmoney.com/static/js/ 		4 MB
670 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/js/main.9a8fe010.chunk.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
949015274ea5afc2f1e0957f8a24da99be4b7e485eacef07612379498f6dcc1f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:35 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"3921d7-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687054&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=rYzeAIZ1AXDXNqU9F4R95eno2Tkvmu5fw73zwnKfCCQ%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbcbaa716997-FRA
pixel.js
www.redditstatic.com/ads/ 		26 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/reddit.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:35 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Tue, 12 Dec 2023 19:56:38 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"ead4fccfb1bebd02138cf2dcadd7dcba"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8123
ping.min.js
pixel.byspotify.com/ 		32 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.byspotify.com/ping.min.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/spotify.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.162.98 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
98.162.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
20c0114a672ac0b5b31a1c0100543a2306bf389816ab20774b66e8f7b30fb60c

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 15 Dec 2023 23:51:06 GMT
content-encoding
gzip
via
1.1 google
age
2789
x-guploader-uploadid
ABPtcPrTd2eQN2tFyQhO_EOiOWSV8MdiHDkHCMDYBZNKZ4THIhX0Ua1ojGzkualWM1cuskFXkNkZnfItwljv9xc
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6158
last-modified
Wed, 11 Oct 2023 19:00:35 GMT
server
UploadServer
etag
"13069f74108a788c598831c3a4ff2cdf"
vary
Accept-Encoding
x-goog-generation
1697050835633914
x-goog-hash
crc32c=We0+rw==, md5=EwafdBCKeIxZiDHDpP8s3w==
content-type
application/javascript;
cache-control
public, max-age=3600
x-goog-stored-content-length
6158
accept-ranges
bytes
expires
Sat, 16 Dec 2023 00:51:06 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/tiktok.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
7c61155791ea8e0fc052cb23f07ae0da216f48b207d58622e17259bd380d6099

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-akamai-request-id
4b22dd95
date
Sat, 16 Dec 2023 00:37:35 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2312160037353DCF6A7143823851B611-3934614D4E5ED52A-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=4, cdn-cache; desc=MISS, edge; dur=0, origin; dur=95
content-length
1743
pragma
no-cache
server
nginx
x-tt-logid
202312160037353DCF6A7143823851B611
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
95,184.86.102.95
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e366070e8ab6d27e68a82fe1dc2908c2e91f946e24cd62cdf00b85d0c8c4e241ae780ceeb5150d89a10971fbdec0e805150f4c8ea35f61806aeedd866dc14fe8e5e32cfbf87c897a48987f116e8fb5f4d946a
expires
Sat, 16 Dec 2023 00:37:35 GMT
hjy3lwdr3i
www.clarity.ms/tag/ 		686 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/hjy3lwdr3i
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/clarity.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aa528d4d8673811d380338bce915e87c5dbde6450b739738a2091249bc8a67f0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
-1
date
Sat, 16 Dec 2023 00:37:35 GMT
x-azure-ref
20231216T003735Z-wmy9z3r3yp02m8q49ac4zyt1z800000008eg00000000kuzw
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
686
request-context
appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
shim.js
cdn.userleap.com/ 		320 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.userleap.com/shim.js?id=jhOvgs1si6
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/userleap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-7.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
22fd6b8e9d9417522898862517654fef8ab1c1a4322d3b410f52cb2e38fbdd49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id
Cb1GRiO580oijUjW_jsJa25.YTLlPQdw
content-encoding
br
via
1.1 b031f43146c9801101822eabdc464390.cloudfront.net (CloudFront)
date
Fri, 15 Dec 2023 23:09:54 GMT
last-modified
Tue, 21 Nov 2023 21:01:08 GMT
server
AmazonS3
x-amz-cf-pop
PRG50-C1
age
5696
x-amz-server-side-encryption
AES256
etag
W/"79f9ab8c6e539e62818359749761803d"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
x-amz-cf-id
0up0mecJXx52EZNcwV1hXYZkhrhlTkFwOjtFAQwu1bg9mDfxFyh5JA==
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1702687055130&id=t2_5u6sm01h&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=c1ef3a53-c862-4e2e-be74-e19f555329dc&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_3549b422&dpm=&dpcc=&dprc=
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.1.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:35 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
/
evnt.byspotify.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://app.monarchmoney.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 16 Dec 2023 00:37:35 GMT
via
1.1 google
/
evnt.byspotify.com/ 		2 B
97 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Requested by
Host: pixel.byspotify.com
URL: https://pixel.byspotify.com/ping.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:35 GMT
via
1.1 google
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
false
access-control-allow-headers
Content-Type, Accept
content-length
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
clarity.js
www.clarity.ms/s/0.7.20/ 		60 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.20/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hjy3lwdr3i
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:35 GMT
content-encoding
br
last-modified
Wed, 13 Dec 2023 19:57:52 GMT
etag
W/"0x8DBFC15CAB825ED"
vary
Accept-Encoding
x-azure-ref
20231216T003735Z-wmy9z3r3yp02m8q49ac4zyt1z800000008eg00000000kv0a
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
ee6321bd-001e-0046-1dad-2e1a5c000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
main.MTdjYzNiZDU2NQ.js
analytics.tiktok.com/i18n/pixel/static/ 		452 KB
115 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
f93a2099c3616f66c36e451e221e1069827e048d77eecc0b5219de876eb715d2

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-akamai-request-id
4b22deaa
date
Sat, 16 Dec 2023 00:37:35 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202311090741476FBB80937B5704CB6340
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
010da14834b50aeeab1e863855d31f94692b38b0daedaa7d7b39d916a8a56affc8313f30269086590ab1db4a8f3281ecc57b4f6f8db069a33eb1018cdd5c4b6d46ce2d7db5765f0168a9f7d083693f9061e2ac36dcfdc779e006d6b33530f71d11
server-timing
cdn-cache; desc=HIT, edge; dur=0, inner; dur=3
content-length
116829
identify_bb163.js
analytics.tiktok.com/i18n/pixel/static/ 		135 KB
36 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_bb163.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-akamai-request-id
4b22dfd8
date
Sat, 16 Dec 2023 00:37:35 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
20231109073240BA7FB29E2EC5DCDAF430
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
0152cbb57cf343c42dab70d3785ac78fa87f4a17b718201cff0799ebc31360dc2de0f515ddffc1b0e3e2f281cd85b1f3d13a719f74a03bfaad9e02ebbcc559ef11649226bac5650fb96ca526cf4230b74f29adf59c30c4a1f97ba04eba36a53a02
server-timing
cdn-cache; desc=HIT, edge; dur=0, inner; dur=4
content-length
36217
monitor
analytics.tiktok.com/api/v2/ 		0
841 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
d1a2f23.4b22e004
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-23121600373537E51F3B9B2E1DD2E71A-40FB16D87C9A2CA8-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
93,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=87, origin; dur=9, inner; dur=6
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2023121600373537E51F3B9B2E1DD2E71A
x-cache-remote
TCP_MISS from a168-143-243-26.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
9,168.143.243.26
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e3660dde200d943911910ca9be9844edc62c457c8403cd79184dc3b9d16d87fab28fbf3614f272994b71f08f9c6f3b9f04521ff2233af31b2e66d2754e8508112e44d849900d7d8114b2d07f63c39cfdd90ada553a08a4cfaa501d55c2db3f23ef390
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
844 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3594e241.4b22e006
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2312160037358CA9BA0BF9C8E55D43BE-5338F9AAC5BB7590-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
99,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=90, origin; dur=12, inner; dur=9
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202312160037358CA9BA0BF9C8E55D43BE
x-cache-remote
TCP_MISS from a23-218-223-77.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
12,23.218.223.77
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e36603eddfa4f6939de7f5c2c2684a868e65fe1c922c1339e51abc9dd79abb7fdbddafb42ef0447b015656ad55760369c415f4cfb74a2d7c592508c9711e76aeb70e3b1e2c6b13d8e50eb3d4daccc2035c7cdef4a865dc4fc4d2c69c55b5e204484ce
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
848 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
192b9303.4b22e008
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2312160037355A48DC348E7A8B23E40D-39B4B4CE9D76DEDE-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
281,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=90, origin; dur=195, inner; dur=192
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202312160037355A48DC348E7A8B23E40D
x-cache-remote
TCP_MISS from a23-218-223-80.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
195,23.218.223.80
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e36603eddfa4f6939de7f5c2c2684a868e65f1312ffcc5f8cbc6914cd48454369e573bd1d3a1977c6b41668d1ddf2c06d4c1257a8cbfe86a54b2e841423bc2d1453d664df5ec8af5239c1b7b7fa6f72b27afaa289b552af05f8cc8c788ee59781fba4
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
703 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
4b22e016
date
Sat, 16 Dec 2023 00:37:36 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-231216003735A66E532578C7504D3DA8-3AC9DE2CBD92E5AF-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=119, cdn-cache; desc=MISS, edge; dur=4, origin; dur=487
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20231216003735A66E532578C7504D3DA8
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
487,184.86.102.95
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e366070e8ab6d27e68a82fe1dc2908c2e91f976f27c28622cb2e09ada256d361dc622504c984be540b49aab0b59bbf073112b097a8dc4c6912d91a14e15a678d22d17f956dd3459de523f05a24fb2ae1199bd
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:36 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
840 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
75237f70.4b22e02c
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-231216003735431F63EF0AA4212DC4C0-586F77945A142BAA-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
96,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=90, origin; dur=9, inner; dur=7
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20231216003735431F63EF0AA4212DC4C0
x-cache-remote
TCP_MISS from a23-218-223-70.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
10,23.218.223.70
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e36603eddfa4f6939de7f5c2c2684a868e65fdec3f9e068610344a831152dd0a03a375edfd62a05109665698c6dcf692f2f3b2862a8d16cbc13b355f624d7d01b53c780528368ccdb484bfe5dc6dd20cd263e2e6dd18752ff56e8ca7555d708c7c8c8
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
701 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
4b22e02d
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-23121600373543BED53B87BF8242C914-42AFFA94AD158172-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=5, cdn-cache; desc=MISS, edge; dur=17, origin; dur=95
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2023121600373543BED53B87BF8242C914
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
95,184.86.102.95
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e366070e8ab6d27e68a82fe1dc2908c2e91f993633cbe07e32c312d49a8f494e2fc29b08d34e3c0d733022d44f7b72d0170d2a96fd985985648713746a66b572e69c2632c011524df675a58ab839e760609fd
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
monitor
analytics.tiktok.com/api/v2/ 		0
702 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
4b22e040
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2312160037350F92D37CEEFAECDD4F3B-5289D02F94BE5764-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
server-timing
inner; dur=7, cdn-cache; desc=MISS, edge; dur=3, origin; dur=98
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202312160037350F92D37CEEFAECDD4F3B
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
98,184.86.102.95
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e366070e8ab6d27e68a82fe1dc2908c2e91f9beaaedd3fa058e2509bf58e398781fdb73d8bb776176c334092c38669dcb01a8f313d4b9bba09c466c4dc27a56e3d49077224e3be62d7fca9334fae6a96d2f47
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
pangle_pixel
analytics.pangle-ads.com/api/v2/ 		0
961 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.pangle-ads.com/api/v2/pangle_pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.16.62.104 Düsseldorf, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-16-62-104.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
4a643395.1543c95
date
Sat, 16 Dec 2023 00:37:35 GMT
x-bytefaas-request-id
20231216003735DC102F660D05F7495F33
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-231216003735DC102F660D05F7495F33-1F7F2E97C8976EE9-00
x-cache
TCP_MISS from a2-16-62-100.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
x-parent-response-time
91,2.16.62.100
server-timing
cdn-cache; desc=MISS, edge; dur=82, origin; dur=9, inner; dur=7
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20231216003735DC102F660D05F7495F33
x-cache-remote
TCP_MISS from a23-218-219-15.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52668873) (-)
access-control-max-age
86400
access-control-allow-methods
*
content-type
text/plain; charset=utf-8
access-control-allow-origin
*
x-bytefaas-execution-duration
5.27
cache-control
max-age=0, no-cache, no-store
access-control-allow-credentials
true
x-gw-dst-psm
ad.union.pangle_web_traffic
x-tt-trace-host
016d77b26dd86e25531c9e1cdefa978aa468b64a5df5b3bda658badab923a63ea080ea100b41adaf887875dd6bc1992f745df755f3517e95a5e6b3c0215167ee841b459682ab413d8a0877db41035aa02bb59672307595964eeeb24e48e1c0e06aec1d61ad052ccdca3b89404209a274f1
x-origin-response-time
10,23.218.219.15
access-control-allow-headers
*
expires
Sat, 16 Dec 2023 00:37:35 GMT
pixel
analytics.tiktok.com/api/v2/ 		0
846 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
3f289506.4b22e041
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-231216003735816FCCF57E3902C5C8DF-58939BE4C93C901E-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
165,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=94, origin; dur=76, inner; dur=73
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20231216003735816FCCF57E3902C5C8DF
x-cache-remote
TCP_MISS from a23-218-223-89.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
76,23.218.223.89
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e36603eddfa4f6939de7f5c2c2684a868e65f8297864d51172120d4035718b574f66c9e260a52847d62c07f43c560c63056064dc18297ebae7e29176ccf5b166551d2f6f65e413ebe4dd195a51e11a9b2ed2e57e57cd1f97cddd721a0c09b52839fb5
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
collect
x.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.20/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Sat, 16 Dec 2023 00:37:35 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
monitor
analytics.tiktok.com/api/v2/ 		0
842 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/monitor
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
192b93de.4b22e042
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-231216003735EA32A6B775B8D156A5DA-5977238250861CAA-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
177,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=90, origin; dur=91, inner; dur=87
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
20231216003735EA32A6B775B8D156A5DA
x-cache-remote
TCP_MISS from a23-218-223-80.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
91,23.218.223.80
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e36603eddfa4f6939de7f5c2c2684a868e65f1312ffcc5f8cbc6914cd48454369e573c68bdcc3092915aeb6177b07ee0cf6bd150843abf48c2fc50f00af1e2e20739c6771287a41a5381f484fa987f995a6c2c1940e6b616ccff1a77a6ec6f3bbe74e
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
843 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdjYzNiZDU2NQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
184.86.103.95 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a184-86-103-95.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
14369b37.4b22e17a
date
Sat, 16 Dec 2023 00:37:35 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-23121600373503D53B4CF24F689210F0-0AD50CFA5B3EBB95-00
x-cache
TCP_MISS from a184-86-102-95.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
x-parent-response-time
113,184.86.102.95
server-timing
cdn-cache; desc=MISS, edge; dur=88, origin; dur=30, inner; dur=27
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
2023121600373503D53B4CF24F689210F0
x-cache-remote
TCP_MISS from a23-48-100-71.deploy.akamaitechnologies.com (AkamaiGHost/11.3.3-52660090) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
30,23.48.100.71
x-tt-trace-host
013de2ff59b67152c9e07fa2f4ad3e36603eddfa4f6939de7f5c2c2684a868e65f41d5e2e09d19b194c93559b8c91d36530d37c76bfb5ee3524866b39a3de0ba8192a9484150c63cb15d6a30ccda8d3699e1ae1b9341ff3f0f337c02c433abf398ea5b4835ea361033a61dbccd5e9e555c
access-control-allow-headers
Authorization,*
expires
Sat, 16 Dec 2023 00:37:35 GMT
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8362dbd608821e54-FRA
content-length
37
date
Sat, 16 Dec 2023 00:37:36 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id
wwYwlS-Rs9ltZXmwCKQyEzB7gR5T5twt2tP3y1APNPa0aSt4984FrQ==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-fra-eddf8230130-FRA
x-timer
S1702687056.361792,VS0,VE0
b41b683f-abf4-46d7-a75c-07aed9c4389a
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/b41b683f-abf4-46d7-a75c-07aed9c4389a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8362dbd608811e54-FRA
content-length
37
date
Sat, 16 Dec 2023 00:37:36 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
x-amz-cf-id
5D4HxDt-rGEjtCVwAdUUGVOU2Wo_TrW7PozkZQsSVlNNI15K-pKa5A==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-fra-eddf8230075-FRA
x-timer
S1702687056.468402,VS0,VE0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
splitChanges
features.monarchmoney.com/sdk/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8362dbd608841e54-FRA
content-length
37
date
Sat, 16 Dec 2023 00:37:36 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id
R2Nif8sv_jVIAa_VI6qKhC0oxg7JFqb8oao7_jqeh1Uu469uhoytuA==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-fra-eddf8230095-FRA
x-timer
S1702687056.413524,VS0,VE0
/
sentry.io/api/4279731/envelope/ 		2 B
324 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
156.247.186.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.monarchmoney.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
v3
js.stripe.com/ 		578 KB
161 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
078bf7ab9259b17da82e42ba24d0b72122634786c7f9a9fa5481dbc053c9154d
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sat, 16 Dec 2023 00:37:36 GMT
via
1.1 varnish
age
36
x-cache
HIT
content-length
164187
x-request-id
1c01729b-6a3b-4d77-a6d8-4b5665b542a0
x-served-by
cache-cph2320022-CPH
last-modified
Fri, 15 Dec 2023 21:43:45 GMT
server
Fastly
etag
"a7cf8de55fcf01341058dbe46f722e4c"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
2
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
535 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
124362
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kiad7000133-IAD, cache-fra-eddf8230087-FRA
server
cloudflare
x-timer
S1702687056.412642,VS0,VE1
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100095-IAD-19d79db3-c101-42d8-9630-332c1c87ffda; cache-fra-etou8220049-FRA-346809bd-d224-4ada-adc3-ca1b502a181e
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8362dbd668d01e54-FRA
x-amz-cf-id
KMVa0yD49Zun9x7R1wOl5x-T_Bld8NP7VVsmFYhpsiztK7qmayRFWg==
x-cache-hits
88, 1
b41b683f-abf4-46d7-a75c-07aed9c4389a
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
335 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/b41b683f-abf4-46d7-a75c-07aed9c4389a
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
0
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kjyo7100043-IAD, cache-fra-etou8220071-FRA
server
cloudflare
x-timer
S1702687057.517686,VS0,VE98
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100043-IAD-0ef83525-268c-4a26-b3db-b21a0b8491b0; cache-fra-etou8220071-FRA-8884714b-f39f-4731-9407-071a32e39bc9
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8362dbd719381e54-FRA
x-amz-cf-id
M4DmT-kKljumIkB-tjY7Pb7MXt7Mw749eh_Q1nvzECdHm6K8PKCXdA==
x-cache-hits
0, 0
collect
x.clarity.ms/ 		0
0
collect
x.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Sat, 16 Dec 2023 00:37:36 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
avatar@2x.9c1a2268.png
app.monarchmoney.com/static/media/ 		1 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/static/media/avatar@2x.9c1a2268.png
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://app.monarchmoney.com/login?route=%2Fplan
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-length
1194
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"4aa-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
image/png
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8362dbd5cec26997-FRA
4573989a4723824e0cb8152c3a4a2c6c.woff2
app.monarchmoney.com/ 		35 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/4573989a4723824e0cb8152c3a4a2c6c.woff2
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.monarchmoney.com/login?route=%2Fplan
Origin
https://app.monarchmoney.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-length
35489
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"8aa1-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
font/woff2
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8362dbd5cec46997-FRA
237bc1ff0573dfc350e296498f6a261f.woff2
app.monarchmoney.com/ 		36 KB
41 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/237bc1ff0573dfc350e296498f6a261f.woff2
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.monarchmoney.com/login?route=%2Fplan
Origin
https://app.monarchmoney.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-length
36525
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"8ead-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
font/woff2
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8362dbd5cec56997-FRA
97f801ec0e6b51aef1c0ebbbe32b18a9.ttf
app.monarchmoney.com/ 		25 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/97f801ec0e6b51aef1c0ebbbe32b18a9.ttf
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36b81b9b64f11e110bca24fb4f4b542f3d0433362cf83e1d341e229430483728
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.monarchmoney.com/login?route=%2Fplan
Origin
https://app.monarchmoney.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"6400-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
font/ttf
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbd5cec76997-FRA
snippet.js
static.zdassets.com/ekr/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.9a8fe010.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
x-amz-version-id
hKEbdq289Xo7bHrM.yPFOdJ37r5nFwfe
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
Y5X5GZE4HHG839TQ
age
7
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
RM/Xac5Ym6vCMgnmpw9hjjs3KfZK3vW5efXyKCw7LBOUVq20xYHf3f8s4U7Ck3vb4ECb2EVGf+z9D+kU2IvFFQ==
last-modified
Wed, 09 Aug 2023 01:01:02 GMT
server
cloudflare
etag
W/"42d94c325a0b012e41f9c3907853625a"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=ImN2DTgcYEZ2HOyavkIuE5M60NFCqXlzDwFAIjvL7%2BVp8iaSk0p2BEQd4ogVOuODvYrOQlfe5FRifmLfl2uHvlxIKADKNalbZLy6CATrpGGs26EFFedHhgNwlXGhFGnNqlGseQM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
cf-ray
8362dbd66ee0bb67-FRA
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
events-script
events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 		108 KB
29 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2240:9000:9:a6e8:8080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
f7cb32f2610263e875906526842a955a7d5efebc7176720f0acd92ef5f214d80

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id
bw5EBuo5g45tH41kazU0JFDxOxIUdnmY
content-encoding
br
via
1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront), 1.1 06a27d66e25d02ebcfb014b9d194016a.cloudfront.net (CloudFront)
date
Sat, 16 Dec 2023 00:37:37 GMT
x-amz-cf-pop
FRA6-C1, FRA60-P1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 05 Dec 2023 14:54:48 GMT
server
AmazonS3
etag
W/"93349e3a9c851191108c864e6b73294a"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
si-LZs_c15rvOqnOR22-ZI4Zg5k4YuWphNbypfLPSloien-UvbsnJw==
client
accounts.google.com/gsi/ 		207 KB
80 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c02::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
c931f1812e6d7938bd2642c4064c20c12fb60eb33ec1495eedd4027b15477161
Security Headers
Name Value
Content-Security-Policy require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-TCPZokY8b-59wOvr008FxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, script-src 'report-sample' 'nonce-TCPZokY8b-59wOvr008FxA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Sat, 16 Dec 2023 00:37:36 GMT
appleid.auth.js
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 		42 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.9a8fe010.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.30.208.159 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-208-159.deploy.static.akamaitechnologies.com
Software
Apple /
Resource Hash
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Date
Sat, 16 Dec 2023 00:37:36 GMT
Last-Modified
Thu, 14 Dec 2023 19:26:01 GMT
Server
Apple
ETag
W/"43171-1702581961384"
Vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400,stale-while-revalidate=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17356
splitChanges
features.monarchmoney.com/sdk/api/ 		183 KB
11 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=-1
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9e4c08a4eb3dd4c390881735fe69fbe123bf41e1f4783b72242336fdfd36b254
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
0
x-cache
Miss from cloudfront
content-length
10511
x-served-by
cache-iad-kiad7000096-IAD, cache-fra-eddf8230075-FRA
last-modified
Fri, 15 Dec 2023 17:20:35 GMT
server
cloudflare
x-timer
S1702687056.469081,VS0,VE108
etag
"1702660835053"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kiad7000096-IAD-48e2bcf7-c6b1-43ed-a52e-f07feca6f6a3; cache-fra-eddf8230075-FRA-7de5fe50-e504-44e5-8f66-5fae74895855
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8362dbd6c8ff1e54-FRA
x-amz-cf-id
d2F4PF5jaAP-gWenDvbhzNdEH4Fg1vj8tf05_vWzK7r07K--E7g5jw==
x-cache-hits
0, 0
butterfly-logo.svg
app.monarchmoney.com/ 		859 B
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/butterfly-logo.svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"35b-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbd5fedc6997-FRA
logo-color.svg
app.monarchmoney.com/ 		4 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/logo-color.svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:19:22 GMT
server
cloudflare
etag
W/"111d-18c6eeb4690"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbd5fedd6997-FRA
87b63b5f14d9af4face75d62804227dd.svg
app.monarchmoney.com/ 		704 B
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/87b63b5f14d9af4face75d62804227dd.svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"2c0-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbd5fedf6997-FRA
5a362cc023a1c8ca4d87a0f015ec5408.svg
app.monarchmoney.com/ 		1 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/5a362cc023a1c8ca4d87a0f015ec5408.svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D
referrer-policy
no-referrer
last-modified
Fri, 15 Dec 2023 19:27:42 GMT
server
cloudflare
etag
W/"45d-18c6ef2e7b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1702687056&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CAWU8jHz%2Fn9ReNDjkXkYLGXLmz5NArCe7bGKkWfThyY%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8362dbd5fee06997-FRA
auth
features.monarchmoney.com/auth/api/ 		714 B
679 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=b41b683f-abf4-46d7-a75c-07aed9c4389a
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e2460191aa9c89399375950a6885605ec93f7caf62706d752c743f825723f455
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15770000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=15770000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
via
1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
cf-cache-status
DYNAMIC
x-amz-cf-pop
FRA56-P6
content-encoding
gzip
x-cache
Miss from cloudfront
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.monarchmoney.com
access-control-allow-credentials
true
cf-ray
8362dbd87a3b1e54-FRA
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
x-amz-cf-id
Fk2ab3uKGE2N8zcnwCbY0r0N70IgP6IAngqknNaIQ9fER-wp8s9_3g==
auth
features.monarchmoney.com/auth/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=b41b683f-abf4-46d7-a75c-07aed9c4389a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15770000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
cf-cache-status
DYNAMIC
cf-ray
8362dbd648a31e54-FRA
content-length
4
content-security-policy
frame-ancestors 'self'
content-type
application/json; charset=utf-8
date
Sat, 16 Dec 2023 00:37:36 GMT
server
cloudflare
strict-transport-security
max-age=15770000; includeSubDomains
via
1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id
MV34qm1wm6og8Z7-q_Ld8qYMOG2htrpABaHeJlfAdHxd0kSZW48Aow==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only
event
sdk-api-v1.singular.net/api/v1/ 		51 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1702687056&event_id=ecc2bf53-30b6-499e-9383-4ea57903eda9&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=1200&screen_width=1600&sdk=WebSDK-v1.2.8&singular_instance_id=721d11bc-466a-4b02-a7a7-d8c72db2bbb9&sdid=ce446053-aa00-446c-b480-5eb107d182ce&storage_type=local&timezone=GMT%2B0100&touchpoint_timestamp=1702687056&u=ce446053-aa00-446c-b480-5eb107d182ce&n=__PAGE_VISIT__&is_revenue_event=false&s=b4aa52e4-a659-4c98-a7f0-4b70a270e04d&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Windows&lag=0&h=3bd79c2b796a53704d52b3f7a9fc35c414f1b51e
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.74.67 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-74-67.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:36 GMT
apsalar-extra
security hash failed
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
access-control-allow-headers
Content-Type, Content-Length
content-length
51
expires
Sat, 16 Dec 2023 00:37:36 GMT
event
sdk-api-v1.singular.net/api/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1702687056&event_id=ecc2bf53-30b6-499e-9383-4ea57903eda9&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=1200&screen_width=1600&sdk=WebSDK-v1.2.8&singular_instance_id=721d11bc-466a-4b02-a7a7-d8c72db2bbb9&sdid=ce446053-aa00-446c-b480-5eb107d182ce&storage_type=local&timezone=GMT%2B0100&touchpoint_timestamp=1702687056&u=ce446053-aa00-446c-b480-5eb107d182ce&n=__PAGE_VISIT__&is_revenue_event=false&s=b4aa52e4-a659-4c98-a7f0-4b70a270e04d&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Windows&lag=0&h=3bd79c2b796a53704d52b3f7a9fc35c414f1b51e
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.74.67 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-21-74-67.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, Content-Length
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
0
date
Sat, 16 Dec 2023 00:37:36 GMT
expires
Sat, 16 Dec 2023 00:37:36 GMT
pragma
no-cache
vary
Accept-Encoding
d8d33592-cf5c-4ae3-ae8f-553657823fbf
ekr.zdassets.com/compose/ 		493 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/d8d33592-cf5c-4ae3-ae8f-553657823fbf
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
357b610b8e37105c24829261a29a8056518d10e0634585abae7e69dfadbd99d9
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
status
200 OK
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
8308f934ff7b5ec6-SEA, 8308f934ff7b5ec6-SEA
x-runtime
0.009480
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"357b610b8e37105c24829261a29a8056"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pFpk0Fk9gt%2FYEju1WMVjI5GT9Fm%2BsnsUArDjY9EQVInMdoN8b3WQpZPSxX4b0hIL%2BRsXao5fFnePu6kx1iwkIoiERpWoKJX7npuZBiblNOKNh76wcqajEjQEX8%2FFiLigzKw%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
8362dbd71d9d39c7-FRA
collect
x.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Sat, 16 Dec 2023 00:37:36 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
web-widget-main-1bfc6fa.js
static.zdassets.com/web_widget/classic/latest/ Frame DAD2 		923 KB
265 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
87aa0db99819433799e0809f0e7b490be1940f744e701321b7f31e09a7da63a2
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
x-amz-version-id
PAflfXOdiQDrMRVYun69YoketTkl1xNU
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
1BPBW7W4HNMQNRZQ
age
942519
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
wfPEdY9k/zcvsIza71zRAfGSA06ccGjnyFntR/pEQA5wKZJx4KMSIhZ1mIOYvRkIKiOLJAwMzi4=
last-modified
Tue, 05 Dec 2023 00:24:10 GMT
server
cloudflare
etag
W/"6f8511a72c96db8b22e6373718b842ed"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=KSZwu6pW165h5heAZ3raDLUwuGlV1q3J44Y1izHvSpzpOz1T9qg1%2Fxhi2qYhqp2HbJ5b1VxdV9sgdr9oUdJgUKMx6Z9VzUX7OFKYjLZbHMlioiQGhj3HRae2hxZdl%2FcRD7KHTmk%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8362dbd86ff5bb67-FRA
expires
Wed, 04 Dec 2024 00:24:09 GMT
en-us-json-1bfc6fa.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame DAD2 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-1bfc6fa.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:36 GMT
x-amz-version-id
Xo1h7j84vGmG9Gk_pCcj7jCQD2BwGUUO
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
1BPFGS4SBCJ216KA
age
942516
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
KPhHQZ5iIGydSOF/FRCx8eCn3ImV7hM3qo3KWavgH4MUbCLy67WRA+HVKMqLOfRNXjGgWGdXoIE=
last-modified
Tue, 05 Dec 2023 00:24:12 GMT
server
cloudflare
etag
W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=AmqRk3hgKaCtkW0bNc4xjX3IMlP0BAuYDV7alnEI9coSHA%2BSa0KhSW7tzz41BoC3FI2BfonarCDFyFu%2BmWF3OBMNlcrGuFNZFo7FKNCwPK3C8cV2UsU52bNSR9A8ElU67LQSpiA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8362dbd988aabb67-FRA
expires
Wed, 04 Dec 2024 00:24:11 GMT
config
monarchmoney.zendesk.com/embeddable/ Frame DAD2 		155 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://monarchmoney.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-1bfc6fa.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-854d5f455-h2947
x-cached
MISS
x-request-id
8362dbda1fb61c36-FRA
x-runtime
0.001435
last-modified
Fri, 15 Dec 2023 21:00:46 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=dhkmjkyZwlN9W2jV2m%2BWXPZBGBNw8xyoOidKCiF15SjlDL4%2FXUUP2bm%2BBhihsz7crwKZoO2FkrDJs7gDhcwhkZG0SmGorTPHmUXg36roM7%2FjteVdzN2wmlaKLox4LWCWuHjEwkS8DK3yPQ%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
8362dbda1fb61c36-FRA
sse
streaming.split.io/ 		472 B
0 		EventSource
General
Check archive.org
Download Go to
Full URL
https://streaming.split.io/sse?channels=Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTY3MTQ0NDk2OA%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_NDAxOTAwNDY4NA%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_splits,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_pri,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_sec&accessToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IkRQVkE3QS44czhnaVEiLCJ0eXAiOiJKV1QifQ.eyJ4LWFibHktY2FwYWJpbGl0eSI6IntcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UWTNNVFEwTkRrMk9BPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X05EQXhPVEF3TkRZNE5BPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X3NwbGl0c1wiOltcInN1YnNjcmliZVwiXSxcImNvbnRyb2xfcHJpXCI6W1wic3Vic2NyaWJlXCIsXCJjaGFubmVsLW1ldGFkYXRhOnB1Ymxpc2hlcnNcIl0sXCJjb250cm9sX3NlY1wiOltcInN1YnNjcmliZVwiLFwiY2hhbm5lbC1tZXRhZGF0YTpwdWJsaXNoZXJzXCJdfSIsIngtYWJseS1jbGllbnRJZCI6ImNsaWVudElkIiwiZXhwIjoxNzAyNjkwNjU2LCJpYXQiOjE3MDI2ODcwNTZ9.6-AhTKGtHiFoyMKrUsU2q_PhOZnIjAGCo3KASWO0xBI&v=1.1&heartbeats=true
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fplan
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.95.34 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-95-34.prg50.r.cloudfront.net
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-/yNlf29RqDcjt2w39S21aaPKzBXq8LKu9qSh8jhbYx0='; frame-ancestors 'self'; frame-src status.ably.com
X-Content-Type-Options nosniff

Request headers

Accept
text/event-stream
Cache-Control
no-cache
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'sha256-/yNlf29RqDcjt2w39S21aaPKzBXq8LKu9qSh8jhbYx0='; frame-ancestors 'self'; frame-src status.ably.com
date
Sat, 16 Dec 2023 00:37:37 GMT
x-content-type-options
nosniff
via
1.1 7df0d6b4ce8f8b155434dd5d830b76be.cloudfront.net (CloudFront)
x-ably-cluster
production:split
x-amz-cf-pop
PRG50-C1
x-cache
Miss from cloudfront
referrer-policy
no-referrer
vary
Origin
x-ably-serverid
frontend.487e.4.eu-central-1-A.i-0886334cd43756ca1.e91ZX9b3gBWP3J
content-type
text/event-stream
access-control-allow-origin
https://app.monarchmoney.com
access-control-expose-headers
Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials
true
x-robots-tag
noindex
x-amz-cf-id
Ku25ej8RXwlrYJHtMs9aANbUhaWZOD-BDecFSEXx_UD3TQaXxY79ZA==
settings
cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 		10 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/settings
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
876cbfbb19cd4a11fc28c7ec84e66d6e4af1d01a9b61d48e016055250980a5c5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

x-amz-version-id
hTgibslySZ8m_8XxqGTuVUFGZFowddaW
content-encoding
br
via
1.1 ca6609f4a83e693c532f54c00146f5f8.cloudfront.net (CloudFront)
date
Fri, 15 Dec 2023 22:03:14 GMT
x-amz-cf-pop
PRG50-C1
age
9263
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Sat, 18 Nov 2023 04:54:30 GMT
server
AmazonS3
etag
W/"64986740fb91215e6de5e55f1bebdc51"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
_FBn3vh2S-8Aa9zFy1SFw7L-hF3cccMQVIoMC97Tsw9EFP1V3tLOtQ==
config
api.sprig.com/sdk/1/environments/jhOvgs1si6/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.19.89.137 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-19-89-137.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-headers
content-type,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Sat, 16 Dec 2023 00:37:37 GMT
server
istio-envoy
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
vary
Access-Control-Request-Headers
x-envoy-upstream-service-time
1
config
api.sprig.com/sdk/1/environments/jhOvgs1si6/ 		867 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
50.19.89.137 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-50-19-89-137.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
3b9099c034d83441fb289a449c2f3f65d648e270128ec3b5a70f2c458d59c44a

Request headers

x-ul-visitor-id
a1e426cb-1dd1-42a9-9908-d06eef530a15
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json
x-ul-installation-method
web-snippet
Referer
x-ul-sdk-version
2.24.11
x-ul-environment-id
jhOvgs1si6
userleap-platform
web

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
server
istio-envoy
etag
W/"363-E52DN0GpSaIiC+q2lhycVCVdwdQ"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
3
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
content-length
867
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=9488987ABDEA48CBBACF33D70C698D95&RedC=c.clarity.ms&MXFR=15A3A52311BA6B800757B6CA15BA65CA
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9488987ABDEA48CBBACF33D70C698D95&MUID=3CBE5589D18C6C8C0B304660D08C6D7C
42 B
443 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9488987ABDEA48CBBACF33D70C698D95&MUID=3CBE5589D18C6C8C0B304660D08C6D7C
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:37 GMT
last-modified
Tue, 12 Dec 2023 19:03:29 GMT
server
Microsoft-IIS/10.0
etag
"e8d91e42d2dda1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 93956F63A39E46DC86E135C60BAFD1B5 Ref B: FRAEDGE1717 Ref C: 2023-12-16T00:37:37Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=9488987ABDEA48CBBACF33D70C698D95&MUID=3CBE5589D18C6C8C0B304660D08C6D7C
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
m-outer-27c67c0d52761104439bb051c7856ab1.html
js.stripe.com/v3/ Frame A579 		200 B
841 B 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
8478797
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sat, 16 Dec 2023 00:37:37 GMT
etag
"27c67c0d52761104439bb051c7856ab1"
last-modified
Fri, 08 Sep 2023 21:23:50 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
436889
x-content-type-options
nosniff
x-request-id
a37902dc-965e-48cd-9c0b-1a7b9752dbc9
x-served-by
cache-cph2320022-CPH
csp-report
q.stripe.com/ Frame A579 		0
718 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702687057747428
x-envoy-upstream-service-time
1
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
0
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1702687057746985
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
csp-report
q.stripe.com/ Frame A579 		0
717 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702687057748208
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
access-control-max-age
3600
access-control-allow-methods
GET, POST, OPTIONS
x-stripe-server-envoy-upstream-service-time-ms
1
access-control-allow-origin
https://js.stripe.com
x-stripe-client-envoy-start-time-us
1702687057747057
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-expose-headers
Server, Range, Content-Type
x-robots-tag
none
access-control-allow-headers
Authorization, Content-Type, Accept, Origin, User-Agent, DNT, Cache-Control, Keep-Alive, X-Requested-With, If-Modified-Since, Range, X-Stripe-Csrf-Token
expires
0
m-outer-6576085ca35ee42f2f484cda6763e4aa.js
js.stripe.com/v3/fingerprinted/js/ Frame A579 		631 B
534 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://js.stripe.com/v3/m-outer-27c67c0d52761104439bb051c7856ab1.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Sat, 16 Dec 2023 00:37:37 GMT
via
1.1 varnish
age
8478795
x-cache
HIT
content-length
399
x-request-id
437c1898-7b01-4c5e-a9e7-0689ece5d806
x-served-by
cache-cph2320022-CPH
last-modified
Fri, 08 Sep 2023 21:23:49 GMT
server
Fastly
etag
"70cacf09ae81711ac6dcbc5ee59750c4"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
393813
inner.html
m.stripe.network/ Frame B5CE 		930 B
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/inner.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3/fingerprinted/js/m-outer-6576085ca35ee42f2f484cda6763e4aa.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:3400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://js.stripe.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

accept-ranges
bytes
age
98
cache-control
max-age=300, public
content-length
930
content-security-policy
base-uri 'none'; connect-src https://m.stripe.network https://m.stripe.com; default-src 'none'; font-src https://m.stripe.network https://fonts.gstatic.com; form-action 'none'; frame-src https://m.stripe.network https://js.stripe.com; img-src https://m.stripe.network https://m.stripe.com https://b.stripecdn.com; script-src https://m.stripe.network 'sha256-/5Guo2nzv5n/w6ukZpOBZOtTJBJPSkJ6mhHpnBgm3Ls='; style-src https://m.stripe.network; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Sat, 16 Dec 2023 00:35:59 GMT
etag
"06bfcd88af438673a8bf9b845a11aa6e"
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
strict-transport-security
max-age=31556926; includeSubDomains; preload
vary
Accept-Encoding, Origin
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
x-amz-cf-id
aagPHA1bNd2fFb2nCnT8z3NXm2mW_fiCUmRfN2mHFqGDW5fXSSm9mg==
x-amz-cf-pop
FRA6-C1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
870.bundle.6e2976b75e60ab2b2bf8.js
cdn.segment.com/analytics-next/bundles/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/870.bundle.6e2976b75e60ab2b2bf8.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da691c9121865cc84cb038acd5c8cc3b8adcd480c4f1edeaa8bbf8acd532ee0f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 20 Oct 2023 23:26:36 GMT
x-amz-version-id
e10pNYxaA2K9VdWHB.mlUiu2r7gtWXTI
content-encoding
br
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
4842661
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 20 Oct 2023 22:35:45 GMT
server
AmazonS3
etag
W/"69ff6d99504e355f116e0d507f3dcf2b"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
VNwU4FOy2N_kkJ6CdhaIR8a40T7ziiMEtAca6kfzQe-bpq5Umx6qPg==
tsub-middleware.bundle.77315eced46c5ae4c052.js
cdn.segment.com/analytics-next/bundles/ 		568 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/tsub-middleware.bundle.77315eced46c5ae4c052.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0857d11fef8be7a02171417365501f07d12e4d0fd4969a8ce43b9adffb7b1158

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Thu, 14 Dec 2023 23:11:55 GMT
x-amz-version-id
oNr..EuxVUXBRImcEvz9HKgf0DyxzmRP
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
91543
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
568
last-modified
Thu, 14 Dec 2023 21:42:44 GMT
server
AmazonS3
etag
"2e2a6826c25f4a2f22f0112c0e467584"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
HR8bJp48Dgf5XiH_mJOf_g_VE4LM1KYChrug8LUMi5iTMmQRDiY6tA==
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8362dbdc2d9f1e54-FRA
content-length
37
date
Sat, 16 Dec 2023 00:37:37 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id
qnmX-MRivsb7f-njsVD-oX9M9f-YOkjxIGkbZB_GKmNqYQXuhHmWAw==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-fra-eddf8230138-FRA
x-timer
S1702687057.320931,VS0,VE0
b41b683f-abf4-46d7-a75c-07aed9c4389a
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/b41b683f-abf4-46d7-a75c-07aed9c4389a
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8362dbdc2da11e54-FRA
content-length
37
date
Sat, 16 Dec 2023 00:37:37 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-id
Lb18AycEAyKQ84Qbb8GsI7f5KNtorPKQRBtKqIU0hCSZKHyoQlXHlA==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-fra-eddf8230025-FRA
x-timer
S1702687057.318131,VS0,VE0
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
507 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 e016ea20838aeed1d878a5244c9e2552.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
124363
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kiad7000133-IAD, cache-fra-eddf8230029-FRA
server
cloudflare
x-timer
S1702687057.367613,VS0,VE1
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100095-IAD-19d79db3-c101-42d8-9630-332c1c87ffda; cache-fra-etou8220049-FRA-346809bd-d224-4ada-adc3-ca1b502a181e
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8362dbdc7dd21e54-FRA
x-amz-cf-id
7h-ZEHh7k-2kIknL0q9aTLE9oD5CFqsdG6Ld6IuhhkU1tDCglkOtCA==
x-cache-hits
88, 1
b41b683f-abf4-46d7-a75c-07aed9c4389a
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
435 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/b41b683f-abf4-46d7-a75c-07aed9c4389a
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
1
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kjyo7100043-IAD, cache-fra-etou8220071-FRA
server
cloudflare
x-timer
S1702687057.370214,VS0,VE0
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100043-IAD-0ef83525-268c-4a26-b3db-b21a0b8491b0; cache-fra-etou8220071-FRA-8884714b-f39f-4731-9407-071a32e39bc9
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8362dbdc7dca1e54-FRA
x-amz-cf-id
Ao8MfCNbRA8gNOzCzLTH8QHwjm_H6F1pgN5rNw-RLTUV2QtBhL-qsg==
x-cache-hits
0, 1
splitChanges
features.monarchmoney.com/sdk/api/ 		56 B
516 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=1702660835053
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
76fe560fb21b3af496f30085882e3b64882762fe449995ccaaab6c0a8abde36a
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 e96aebc8d7c9ec82b88c3160a18fed96.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P6
age
26221
x-cache
Miss from cloudfront
content-length
64
x-served-by
cache-iad-kjyo7100100-IAD, cache-fra-eddf8230104-FRA
last-modified
Fri, 15 Dec 2023 17:20:35 GMT
server
cloudflare
x-timer
S1702687057.369066,VS0,VE1
etag
"1702660835053"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100061-IAD-badbf717-1841-4d94-9b54-cec0059aaf14; cache-fra-etou8220104-FRA-7bc270c6-894f-4580-b0fe-349456bc7a12
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8362dbdc7dd01e54-FRA
x-amz-cf-id
0ChH9_QoI2HeFtgAgTHYOAH3OtHDGqVn8-B87_j-b7CJLinaoZJd0Q==
x-cache-hits
15, 1
splitChanges
features.monarchmoney.com/sdk/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=1702660835053
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8362dbdc2da21e54-FRA
content-length
37
date
Sat, 16 Dec 2023 00:37:37 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 dd09b3b5f5b8dc626e1ba6804a73af40.cloudfront.net (CloudFront)
x-amz-cf-id
sgT6Wh985uy4qWDM9yEpKnHQ2UQh9W5c85gCvOzleGdAeTrn9qCIUw==
x-amz-cf-pop
FRA56-P6
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-fra-eddf8230132-FRA
x-timer
S1702687057.319982,VS0,VE0
csp-report
q.stripe.com/ Frame B5CE 		0
491 B 		Other
General
Check archive.org
Download Go to
Full URL
https://q.stripe.com/csp-report
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/plan
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.187.119.242 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ip-54-187-119-242.stripe.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload, max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702687057747477
x-envoy-upstream-service-time
2
content-length
0
x-stripe-bg-intended-route-color
green
pragma
no-cache
referrer-policy
strict-origin-when-cross-origin
server
nginx
cross-origin-opener-policy
same-origin
x-stripe-server-envoy-upstream-service-time-ms
1
x-stripe-client-envoy-start-time-us
1702687057747088
cache-control
max-age=0, no-cache, no-store, must-revalidate
x-robots-tag
none
expires
0
out-4.5.43.js
m.stripe.network/ Frame B5CE 		87 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://m.stripe.network/out-4.5.43.js
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/inner.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2057:3400:19:7d10:bd80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Cloudfront /
Resource Hash
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://m.stripe.network/inner.html
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:36:04 GMT
content-encoding
br
via
1.1 35c75b7f0ca8c787d67c8ebd22bc7fc2.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
last-modified
Fri, 30 Jun 2023 14:32:28 GMT
server
Cloudfront
age
94
x-content-type-options
nosniff
etag
W/"69cb7809b5011312e716f29b3d19dce6"
x-amz-cf-pop
FRA6-C1
vary
Accept-Encoding, Origin
x-cache
Hit from cloudfront
content-type
text/javascript; charset=utf-8
cache-control
max-age=300, public
x-amz-cf-id
jJvjyCLShxT5Hwx9lxNuYSL4caAoudokTv_bTRucPXGQoT5KBaCJQg==
ajs-destination.bundle.13362ca512563a10e34d.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.13362ca512563a10e34d.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7e4fde2a7e2da4eb11065a29f03b7f68566665515cf79bf4841168b46508dda5

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Mon, 11 Dec 2023 23:27:57 GMT
x-amz-version-id
g.6kAGXA11eREp6JpD51lJMac7Ku36EU
content-encoding
br
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
349781
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 11 Dec 2023 22:58:55 GMT
server
AmazonS3
etag
W/"0dec480089dae7da1834489f95aca4e7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
GOJt-KhrdBdjRPvU-pJQXy4AjYaLkqiq00mzclsCvTQBb8R4Nm2UaA==
6
m.stripe.com/ Frame B5CE 		156 B
668 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://m.stripe.com/6
Requested by
Host: m.stripe.network
URL: https://m.stripe.network/out-4.5.43.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.10.76.194 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-10-76-194.us-west-2.compute.amazonaws.com
Software
nginx /
Resource Hash
10c0370801d401464350a7d48254178a91702cf253fe9b5aaf3db9987d5565cd
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://m.stripe.network/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-stripe-bg-intended-route-color
blue
date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
x-stripe-server-envoy-start-time-us
1702687057965884
server
nginx
content-type
application/json;charset=utf-8
x-stripe-server-envoy-upstream-service-time-ms
1
access-control-allow-origin
https://m.stripe.network
x-stripe-client-envoy-start-time-us
1702687057965680
access-control-allow-credentials
true
access-control-allow-headers
Content-Type
content-length
156
schemaFilter.bundle.f63551a29dc1697f71b6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.f63551a29dc1697f71b6.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 15 Dec 2023 23:32:28 GMT
x-amz-version-id
T0xiK0SXdnmbxijoQmBScA7B1kUGE3RO
content-encoding
br
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
age
3910
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 14 Dec 2023 21:42:44 GMT
server
AmazonS3
etag
W/"2a359f6227308e4ee31623f9381ae1d7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
yOlLscc3cxu3ieQv_bbjQgekhiXaiuelfZJXWpsVXN8Pr-MGJWCxPA==
google-analytics.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fdda2bf7d8e87b5ac90a791a5131a9811c207171107482857b67f6b8329854fb

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 24 Oct 2023 12:21:41 GMT
content-encoding
gzip
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-version-id
K4QGNkPJBd_QhAl8Ep7SDksdcNN7fIa5
x-amz-cf-pop
PRG50-C1
age
4536956
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
4743
last-modified
Wed, 18 Oct 2023 10:36:35 GMT
server
AmazonS3
etag
"36786f75981fc0efd629c4a89e1c78ec"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
uQLPfKJXw4qZBbKgpBHVxrpmevuVhLcZCnlyrGYLRA9Xc6BiSXEnMQ==
facebook-pixel.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 23 Sep 2023 18:18:23 GMT
content-encoding
gzip
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-version-id
DI7LwN6wkvHNW8Y7S0vxRxJB_xwOT0u9
x-amz-cf-pop
PRG50-C1
age
7193955
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3273
last-modified
Wed, 06 Sep 2023 07:09:30 GMT
server
AmazonS3
etag
"4b03a476015c2ba9b9e74e895b97c12c"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
tABCbhetRlSdUIDArSn5Jq61tufFytYJXlQiPPywu0ODG1gUvTU_pw==
adwords.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Tue, 05 Dec 2023 18:28:39 GMT
content-encoding
gzip
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-version-id
.PFTD1mf4T6.cqCzCGDBaoXaZe77x4YA
x-amz-cf-pop
PRG50-C1
age
886139
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1356
last-modified
Wed, 18 Oct 2023 10:36:34 GMT
server
AmazonS3
etag
"257fe81df53dcd4819bc1a81e78fce58"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
Klswn4It2W1HsXY2p8J4tXWWXtDBGf2sEoyOoEQTAm-tHFBOzL8hSQ==
bing-ads.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/bing-ads.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fcc5947420bac95a9ee88dc4782ae6101a53a397e25b582b468979318eb71171

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 23 Sep 2023 21:19:39 GMT
content-encoding
gzip
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-version-id
VNwB.6tfmAerb6XqtfeLOsTfZmp1VFx_
x-amz-cf-pop
PRG50-C1
age
7183079
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1135
last-modified
Wed, 06 Sep 2023 07:09:30 GMT
server
AmazonS3
etag
"9268c923e39afefe912025bc37ceb2f5"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
XV5YU53xZehW3ltVjonawjKjFGevDBhrzNT3Ow7hOKAkAqq1qmLA9Q==
twitter-ads.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/twitter-ads/2.5.2/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/twitter-ads/2.5.2/twitter-ads.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b463c4dd20b3cbc19ec6283dd35a50a10d926c6efe5e0b054fdc5e3b959b6f19

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Fri, 20 Oct 2023 23:40:00 GMT
content-encoding
gzip
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-version-id
IRUMp..Txog6XnEoe6ssJQeATvbGBPIi
x-amz-cf-pop
PRG50-C1
age
4841858
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1969
last-modified
Wed, 18 Oct 2023 10:36:35 GMT
server
AmazonS3
etag
"c8cbba72a05e723659d348e2dd175bb0"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
LLyYyviC7eHoyLwfvqDXeMTmaF3kgPsUR5KTTRyUgj_ctxa3S2bg3g==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.93.192 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-93-192.prg50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Mon, 25 Sep 2023 20:38:53 GMT
content-encoding
gzip
via
1.1 32f35b6a71829a460d6fdae31f270164.cloudfront.net (CloudFront)
x-amz-version-id
xL9wkJ5DiiDnjb74q8TWiOypdsHmb3qW
x-amz-cf-pop
PRG50-C1
age
7012725
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Wed, 06 Sep 2023 07:09:28 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
E9l96aXL4_c7mP0GiqGX-v1XqdIooAW_wqTpR0zS5UkH65FxwLFJ-A==
conversion_async.js
www.googleadservices.com/pagead/ 		46 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
eb4d2ef94e9383ff9e37d6cd3d88118195a319ce8baefe31572b9fa40d19b925
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
16833
x-xss-protection
0
server
cafe
etag
17748642488193480474
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Sat, 16 Dec 2023 00:37:37 GMT
fbevents.js
connect.facebook.net/en_US/ 		202 KB
54 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 16 Dec 2023 00:37:37 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
54273
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
jauRcru1hiLXZGXWdigUJLXBQy626wzbdTmgKUAnaIwoA6vHWgjGVvnliYsXULVFYRQrcvDkT6YlS+WM4WwLVQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.116.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
content-encoding
gzip
last-modified
Thu, 27 Oct 2022 16:56:53 GMT
etag
"32ad004436155ec972bc50e6238b5b67+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15375
x-served-by
cache-iad-kjyo7100081-IAD, cache-fra-eddf8230116-FRA
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Sat, 16 Dec 2023 00:37:37 GMT
last-modified
Fri, 10 Nov 2023 20:09:55 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 27F4E88090214CFDB711CAF7D06AD265 Ref B: FRAEDGE1717 Ref C: 2023-12-16T00:37:37Z
etag
"80abcdf1114da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13175
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 15 Dec 2023 23:48:14 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2963
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 16 Dec 2023 01:48:14 GMT
p
events-api.monarchmoney.com/v1/ 		21 B
334 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://events-api.monarchmoney.com/v1/p
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:3800:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
strict-transport-security
max-age=31536000
via
1.1 d9c696d6d0c92f63870873ced2895baa.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.monarchmoney.com
content-length
21
x-amz-cf-id
CWGaKwMfK94zIhJ31QAUqJDFlHR_7_NXwqpcO8SqgC8glvOp2QlnIA==
collect
x.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Sat, 16 Dec 2023 00:37:37 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
p
events-api.monarchmoney.com/v1/ 		21 B
331 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://events-api.monarchmoney.com/v1/p
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2127:3800:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
text/plain

Response headers

date
Sat, 16 Dec 2023 00:37:38 GMT
strict-transport-security
max-age=31536000
via
1.1 d9c696d6d0c92f63870873ced2895baa.cloudfront.net (CloudFront)
x-amz-cf-pop
PRG50-C1
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.monarchmoney.com
content-length
21
x-amz-cf-id
p-RpY9dKJutwnocFFe2gs_6Sprr_Y0X_pYiXoOFDPycy0M5WslGHTA==
137022621.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/137022621.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9457dc4b2bae047d2506e05e6e4231050832895af322a3c0b116991cb87092dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Sat, 16 Dec 2023 00:37:37 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0AEFD4C616C04BAB8CABB092506E3071 Ref B: FRAEDGE1717 Ref C: 2023-12-16T00:37:37Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
js
www.google-analytics.com/gtm/ 		128 KB
50 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=OPT-WL3C999&cid=1757589277.1702687058
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82a::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
0e022353681f27bf7b78dd6bd88549bef13f9f8bc843bec38712d0f76312b69a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

date
Sat, 16 Dec 2023 00:37:37 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
50846
x-xss-protection
0
last-modified
Sat, 16 Dec 2023 00:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 16 Dec 2023 00:37:37 GMT
137022621
www.clarity.ms/tag/uet/ 		692 B
948 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/137022621
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/137022621.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:46::63 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8e9a2eadc686b91281fe93c4fd9e534d78d64e50eb5065faf938d03a14fee270

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

expires
-1
date
Sat, 16 Dec 2023 00:37:37 GMT
x-azure-ref
20231216T003737Z-wmy9z3r3yp02m8q49ac4zyt1z800000008eg00000000kvd7
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
692
request-context
appId=cid-v1:238681e8-7d6b-453a-acb6-7dcad74f3111
2173781372941566
connect.facebook.net/signals/config/ 		133 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2173781372941566?v=2.9.138&r=stable&domain=app.monarchmoney.com
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7a1c3af722a9f49824247901bc0a05d6a390cb81e2a2864f0009ae7c998b8b81
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

permissions-policy-report-only
autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), gamepad=(), keyboard-map=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 16 Dec 2023 00:37:37 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
pragma
public
x-fb-debug
6QzlHn5iZ++6f593d/34cPCZB91eojiZMhTcS725BAv2otr5L5r11TUegnWvaHYZw7qzYkfYpBuEmbje3ounmQ==
cross-origin-opener-policy
same-origin-allow-popups
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/x-javascript; charset=utf-8
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/AW-794001205/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1702687057882&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
9e818a9ff060ae806eb27b4ddccc7d49c3cf806b2e04f2f11803d2d889fda552
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1366
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/AW-794001205/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1702687057885&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.162 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s08-in-f2.1e100.net
Software
cafe /
Resource Hash
f7c2241b1c4d9679d53b3ea97f235282c28d478d8decf4e169332993ef668b55
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:37 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1387
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200...
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_...
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_h...
42 B
108 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI3sL_yduSgwMVBoLeCh3PyQS0&is_vtc=1&ocp_id=UfF8ZZ7WNoaE-gbPk5OgCw&cid=CAQSGwAvHhf_YVNn_Meys3tH6K17mPXLba5Ec8Tjgw&random=35171852&resp=GooglemKTybQhCsO&ipr=y
Protocol
H2
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=2142138776&cv=9&fst=1702687057882&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI3sL_yduSgwMVBoLeCh3PyQS0&is_vtc=1&ocp_id=UfF8ZZ7WNoaE-gbPk5OgCw&cid=CAQSGwAvHhf_YVNn_Meys3tH6K17mPXLba5Ec8Tjgw&random=35171852&resp=GooglemKTybQhCsO&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=...
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=12...
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=120...
42 B
455 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI7MX_yduSgwMVk9gRCB2s2gps&is_vtc=1&ocp_id=UfF8ZazZNpOxx_APrLWr4AY&cid=CAQSGwAvHhf_V48K-Yi4Vmex8sUiH09wC2Ei4zQYSA&random=2894237215&resp=GooglemKTybQhCsO&ipr=y
Protocol
H2
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Sat, 16 Dec 2023 00:37:38 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=663664558&cv=9&fst=1702687057885&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562772%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=60&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fplan&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=&pscrd=IhMI7MX_yduSgwMVk9gRCB2s2gps&is_vtc=1&ocp_id=UfF8ZazZNpOxx_APrLWr4AY&cid=CAQSGwAvHhf_V48K-Yi4Vmex8sUiH09wC2Ei4zQYSA&random=2894237215&resp=GooglemKTybQhCsO&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
x.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://x.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.114.190.119 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Sat, 16 Dec 2023 00:37:40 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:e97341f6-8fff-46a6-9229-fbbfe0892c78
/
evnt.byspotify.com/ 		2 B
18 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/2.2fbacd7c.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Accept
application/json
Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36
Content-Type
application/json

Response headers

date
Sat, 16 Dec 2023 00:37:40 GMT
via
1.1 google
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
false
access-control-allow-headers
Content-Type, Accept
content-length
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
evnt.byspotify.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/120.0.6099.109 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://app.monarchmoney.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Sat, 16 Dec 2023 00:37:40 GMT
via
1.1 google

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
x.clarity.ms
URL
https://x.clarity.ms/collect
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql

Verdicts & Comments Add Verdict or Comment

120 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| documentPictureInPicture object| analytics function| rdt function| spdt string| TiktokAnalyticsObject object| ttq function| clarity string| USERLEAP_ID function| UserLeap object| Plaid object| webpackJsonpPlaid object| webpackJsonpweb object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| Sprig object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks object| SENTRY_RELEASE function| _ object| regeneratorRuntime object| __SENTRY__ function| setImmediate function| clearImmediate object| core function| singularSdk function| SingularConfig function| __extends function| __assign function| __rest function| __decorate function| __param function| __metadata function| __awaiter function| __generator function| __exportStar function| __createBinding function| __values function| __read function| __spread function| __spreadArrays function| __spreadArray function| __await function| __asyncGenerator function| __asyncDelegator function| __asyncValues function| __makeTemplateObject function| __importStar function| __importDefault function| __classPrivateFieldGet function| __classPrivateFieldSet function| Mousetrap object| zEWebpackACJsonp function| zE function| zEmbed object| webpackChunkStripeJSouter function| noop function| Stripe object| AppleID object| default_gsi object| _F_toggles object| google object| closure_lm_670827 boolean| zEACLoaded function| $zopim object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| adwordsDeps function| adwordsLoader object| facebook-pixelDeps function| facebook-pixelLoader object| twitter-adsDeps function| twitter-adsLoader object| bing-adsDeps function| bing-adsLoader object| google-analyticsDeps function| google-analyticsLoader object| webpackJsonp_name_Integration function| adwordsIntegration function| facebook-pixelIntegration function| _fbq function| fbq function| twitter-adsIntegration function| twq function| bing-adsIntegration object| uetq function| google-analyticsIntegration string| GoogleAnalyticsObject function| ga function| UET function| UET_init function| UET_push object| ueto_4559eb7f81 object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| twttr object| google_tag_manager object| google_optimize function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| clarityuetq

24 Cookies

Domain/Path Name / Value
.monarchmoney.com/ Name: _rdt_uuid
Value: 1702687055129.c1ef3a53-c862-4e2e-be74-e19f555329dc
app.monarchmoney.com/ Name: __spdt
Value: cb07346cbefc4a58adc17f67e8a32d15
.tiktok.com/ Name: _ttp
Value: 2ZbNwFOf7tDm9L6hDtLBIg814Kg
www.clarity.ms/ Name: CLID
Value: 31296c166e794fd794fa9e2b07fa0d25.20231216.20241215
.monarchmoney.com/ Name: _clck
Value: 1tmkxij%7C2%7Cfhl%7C0%7C1445
.monarchmoney.com/ Name: _tt_enable_cookie
Value: 1
.monarchmoney.com/ Name: _ttp
Value: _N7EyTTsf1UKZiDuwrTWKukHyGx
app.monarchmoney.com/ Name: ajs_anonymous_id
Value: b41b683f-abf4-46d7-a75c-07aed9c4389a
.monarchmoney.com/ Name: singular_device_id
Value: ce446053-aa00-446c-b480-5eb107d182ce
.monarchmoney.com/ Name: _clsk
Value: 4tglv8%7C1702687056874%7C1%7C1%7Cx.clarity.ms%2Fcollect
.monarchmoney.com/ Name: ajs_anonymous_id
Value: b41b683f-abf4-46d7-a75c-07aed9c4389a
.bing.com/ Name: MUID
Value: 3CBE5589D18C6C8C0B304660D08C6D7C
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 3CBE5589D18C6C8C0B304660D08C6D7C
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 3CBE5589D18C6C8C0B304660D08C6D7C
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.monarchmoney.com/ Name: _ga
Value: GA1.2.1757589277.1702687058
.monarchmoney.com/ Name: _gid
Value: GA1.2.1867783687.1702687058
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
m.stripe.com/ Name: m
Value: 837a7aa5-9e97-46da-a20c-c746cce81dd30b7f13
.app.monarchmoney.com/ Name: __stripe_mid
Value: 984281aa-64bc-4d02-933b-1942909622e3a2da34
.app.monarchmoney.com/ Name: __stripe_sid
Value: 9e4a2f97-8ced-4b72-b377-9e81348e7f4a838396

1 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self'".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4279731/security/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_environment=production
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
alb.reddit.com
analytics.pangle-ads.com
analytics.tiktok.com
api.monarchmoney.com
api.sprig.com
app.monarchmoney.com
appleid.cdn-apple.com
bat.bing.com
c.bing.com
c.clarity.ms
cdn.plaid.com
cdn.segment.com
cdn.userleap.com
connect.facebook.net
ekr.zdassets.com
events-api.monarchmoney.com
events-cdn.monarchmoney.com
evnt.byspotify.com
features.monarchmoney.com
googleads.g.doubleclick.net
js.stripe.com
m.stripe.com
m.stripe.network
monarchmoney.zendesk.com
pixel.byspotify.com
q.stripe.com
sdk-api-v1.singular.net
sentry.io
static.ads-twitter.com
static.zdassets.com
streaming.split.io
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.redditstatic.com
x.clarity.ms
api.monarchmoney.com
x.clarity.ms
104.16.53.111
104.18.70.113
104.18.72.113
142.250.186.162
146.75.116.157
151.101.1.140
151.101.128.176
184.30.208.159
184.86.103.95
2.16.62.104
2.21.74.67
20.114.190.119
2600:9000:2057:3400:19:7d10:bd80:93a1
2600:9000:2127:3800:d:cf84:bb40:93a1
2600:9000:2240:9000:9:a6e8:8080:93a1
2606:4700:10::6816:3d79
2606:4700:10::ac43:5c4
2620:1ec:46::63
2620:1ec:c11::200
2a00:1450:4001:803::2003
2a00:1450:4001:810::2004
2a00:1450:4001:82a::200e
2a00:1450:4001:831::2002
2a00:1450:400c:c02::54
2a03:2880:f083:100:face:b00c:0:3
2a04:4e42:400::396
34.111.186.1
34.117.162.98
35.186.247.156
50.19.89.137
52.10.76.194
54.187.119.242
65.9.93.192
65.9.95.34
65.9.95.7
65.9.95.9
68.219.88.97
078bf7ab9259b17da82e42ba24d0b72122634786c7f9a9fa5481dbc053c9154d
0857d11fef8be7a02171417365501f07d12e4d0fd4969a8ce43b9adffb7b1158
0e022353681f27bf7b78dd6bd88549bef13f9f8bc843bec38712d0f76312b69a
10c0370801d401464350a7d48254178a91702cf253fe9b5aaf3db9987d5565cd
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
20c0114a672ac0b5b31a1c0100543a2306bf389816ab20774b66e8f7b30fb60c
22fd6b8e9d9417522898862517654fef8ab1c1a4322d3b410f52cb2e38fbdd49
2bcc6d8a3ce5d6635877ac053cb215645bfa74d86a1f3fea14d37864d4227347
351ffc2bdf381352dcd801be49be5018361119588eae077650260f9e162fe7b9
357b610b8e37105c24829261a29a8056518d10e0634585abae7e69dfadbd99d9
36b81b9b64f11e110bca24fb4f4b542f3d0433362cf83e1d341e229430483728
39657f7f198608406cab1de96720a22549e6b6d918db8dfdd0f5ef9ab84ef17c
3b9099c034d83441fb289a449c2f3f65d648e270128ec3b5a70f2c458d59c44a
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342
3e136e77083bfc6ef14ffc5abd19da89a82bf12fc0cda3c603e01582b93303c8
43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5e319852607809336b2534ffeb96f6933f26994dd040f535302c84f59cc0a214
5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6
609c0f639da2c0424915d89d1a3c8a2302f34aba74692e3a96a1a11ccdfd1b65
60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f
6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f
76fe560fb21b3af496f30085882e3b64882762fe449995ccaaab6c0a8abde36a
7a1c3af722a9f49824247901bc0a05d6a390cb81e2a2864f0009ae7c998b8b81
7c61155791ea8e0fc052cb23f07ae0da216f48b207d58622e17259bd380d6099
7e4fde2a7e2da4eb11065a29f03b7f68566665515cf79bf4841168b46508dda5
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7
849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d
876cbfbb19cd4a11fc28c7ec84e66d6e4af1d01a9b61d48e016055250980a5c5
87aa0db99819433799e0809f0e7b490be1940f744e701321b7f31e09a7da63a2
8e9a2eadc686b91281fe93c4fd9e534d78d64e50eb5065faf938d03a14fee270
93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2
9457dc4b2bae047d2506e05e6e4231050832895af322a3c0b116991cb87092dc
947ac0903521f5eceefc90637c066306a8ca67466ccc188bb0107fb7cfb532d1
949015274ea5afc2f1e0957f8a24da99be4b7e485eacef07612379498f6dcc1f
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9e4c08a4eb3dd4c390881735fe69fbe123bf41e1f4783b72242336fdfd36b254
9e818a9ff060ae806eb27b4ddccc7d49c3cf806b2e04f2f11803d2d889fda552
9f22f6e9d4852f8be0706b62fbd0eba20f6cb56171def5e387b2d95fcd07df01
a1d4b01843b9dad68a10bba7ab416fb60cbe6052a223f6bd74cbad286b812b2a
a3758b5f3e8a5de73ac41b13a1e2f97504fa4f03a565a5ad3bd7c56a383dad05
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
aa528d4d8673811d380338bce915e87c5dbde6450b739738a2091249bc8a67f0
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b463c4dd20b3cbc19ec6283dd35a50a10d926c6efe5e0b054fdc5e3b959b6f19
b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6
b6480709fa56cad6675cf0514debe8d31ef0ecb4ce722657c46d69706b98c034
b79a43a28dc356d07de97ee365a01d714812e2eb02b15397cefb226d2a019a83
b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d
c931f1812e6d7938bd2642c4064c20c12fb60eb33ec1495eedd4027b15477161
ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3
cbcfb303a1e7d1f9da8965565b535f4122f2de2f1f3ed9f61f3f9e2dad3dcf9d
cf7fcc9f75c8717897bfaef72f303fab423ce1b70c98512aeb3677e4af988dee
d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08
da691c9121865cc84cb038acd5c8cc3b8adcd480c4f1edeaa8bbf8acd532ee0f
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e039e607c78306c7e029a7fd0ecdb14f86456f16e1a5ce65aa26b4fdf1d38a3c
e2460191aa9c89399375950a6885605ec93f7caf62706d752c743f825723f455
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99
e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d
eb4d2ef94e9383ff9e37d6cd3d88118195a319ce8baefe31572b9fa40d19b925
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f0205495d259e89d99e6c4989147f8a65bef41513bfbe3e97251cd6fb6fa5947
f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d
f7c2241b1c4d9679d53b3ea97f235282c28d478d8decf4e169332993ef668b55
f7cb32f2610263e875906526842a955a7d5efebc7176720f0acd92ef5f214d80
f93a2099c3616f66c36e451e221e1069827e048d77eecc0b5219de876eb715d2
fcc5947420bac95a9ee88dc4782ae6101a53a397e25b582b468979318eb71171
fdda2bf7d8e87b5ac90a791a5131a9811c207171107482857b67f6b8329854fb