urlscan.io logo urlscan.io
SecurityTrails logo

www.mitarjetacencosud.cl Open in urlscan Pro
23.208.149.76  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://mail.164-90-149-59.cprapid.com/
Effective URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4M...
Submission: On June 01 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 18 IPs in 4 countries across 15 domains to perform 54 HTTP transactions. The main IP is 23.208.149.76, located in Frankfurt am Main, Germany and belongs to AKAMAI-AS, US. The main domain is www.mitarjetacencosud.cl.
TLS certificate: Issued by GlobalSign RSA OV SSL CA 2018 on April 5th 2024. Valid for: a year.
This is the only time www.mitarjetacencosud.cl was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 2 164.90.149.59 14061 (DIGITALOC...)
18 23.208.149.76 16625 (AKAMAI-AS)
3 2600:9000:20a... 16509 (AMAZON-02)
3 52.239.170.68 8075 (MICROSOFT...)
1 40.69.200.41 8075 (MICROSOFT...)
1 2600:9000:237... 16509 (AMAZON-02)
6 54.230.228.78 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
3 142.250.181.228 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 18.173.154.111 16509 (AMAZON-02)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 40.71.177.34 8075 (MICROSOFT...)
1 54.230.228.64 16509 (AMAZON-02)
2 2a03:2880:f17... 32934 (FACEBOOK)
2 2001:4860:480... 15169 (GOOGLE)
54 18
2    164.90.149.59 (Santa Clara, United States)

ASN14061 (DIGITALOCEAN-ASN, US)
mail.164-90-149-59.cprapid.com
18    23.208.149.76 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-208-149-76.deploy.static.akamaitechnologies.com
www.mitarjetacencosud.cl
3    2600:9000:20ae:7c00:a:b89d:a6c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
cdn.dynamicyield.com
3    52.239.170.68 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
staticresourcesfiles.blob.core.windows.net
1    40.69.200.41 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
monstat.com
1    2600:9000:237d:c800:15:ad21:c740:93a1 (United States)

ASN16509 (AMAZON-02, US)
st.dynamicyield.com
6    54.230.228.78 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-78.muc50.r.cloudfront.net
async-px.dynamicyield.com
2    2a00:1450:4001:828::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    142.250.181.228 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f4.1e100.net
www.google.com
1    2a00:1450:4001:831::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
1    18.173.154.111 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-154-111.muc50.r.cloudfront.net
static.hotjar.com
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    2a00:1450:4001:803::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a00:1450:400c:c0d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    40.71.177.34 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
google-tag-manager-tagging-server.azurewebsites.net
1    54.230.228.64 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-230-228-64.muc50.r.cloudfront.net
script.hotjar.com
2    2a03:2880:f176:84:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
Apex Domain
Subdomains		 Transfer
18 mitarjetacencosud.cl
www.mitarjetacencosud.cl
636 KB
10 dynamicyield.com
cdn.dynamicyield.com — Cisco Umbrella Rank: 8814
st.dynamicyield.com — Cisco Umbrella Rank: 8494
async-px.dynamicyield.com — Cisco Umbrella Rank: 8693
603 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
region1.analytics.google.com — Cisco Umbrella Rank: 3095
1 KB
3 windows.net
staticresourcesfiles.blob.core.windows.net
243 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 101
3 KB
2 azurewebsites.net
google-tag-manager-tagging-server.azurewebsites.net
3 KB
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
409 B
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
21 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 183
72 KB
2 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 742
script.hotjar.com — Cisco Umbrella Rank: 988
60 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
238 KB
2 cprapid.com
mail.164-90-149-59.cprapid.com
791 B
1 gstatic.com
www.gstatic.com
210 KB
1 monstat.com
monstat.com — Cisco Umbrella Rank: 96038
300 B
0 google.de Failed
www.google.de Failed
54 15
Domain Requested by
18 www.mitarjetacencosud.cl www.mitarjetacencosud.cl
6 async-px.dynamicyield.com cdn.dynamicyield.com
3 www.google.com www.mitarjetacencosud.cl
www.gstatic.com
3 staticresourcesfiles.blob.core.windows.net www.mitarjetacencosud.cl
3 cdn.dynamicyield.com www.mitarjetacencosud.cl
st.dynamicyield.com
2 region1.analytics.google.com
2 www.facebook.com www.mitarjetacencosud.cl
2 google-tag-manager-tagging-server.azurewebsites.net www.googletagmanager.com
2 stats.g.doubleclick.net www.google-analytics.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
2 connect.facebook.net www.mitarjetacencosud.cl
connect.facebook.net
2 www.googletagmanager.com www.mitarjetacencosud.cl
www.googletagmanager.com
2 mail.164-90-149-59.cprapid.com 2 redirects
1 script.hotjar.com static.hotjar.com
1 static.hotjar.com www.googletagmanager.com
1 www.gstatic.com www.google.com
1 st.dynamicyield.com www.mitarjetacencosud.cl
1 monstat.com www.mitarjetacencosud.cl
0 www.google.de Failed
54 19

This site contains no links.

Subject Issuer Validity Valid
www.tarjetacencosud.cl
GlobalSign RSA OV SSL CA 2018		 2024-04-05 -
2025-05-07		 a year crt.sh
*.dynamicyield.com
Amazon RSA 2048 M02		 2023-09-03 -
2024-10-01		 a year crt.sh
*.blob.core.windows.net
Microsoft RSA TLS CA 01		 2023-09-27 -
2024-09-27		 a year crt.sh
www.monstat.com
Go Daddy Secure Certificate Authority - G2		 2024-01-23 -
2025-02-23		 a year crt.sh
*.google-analytics.com
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.google.com
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.gstatic.com
WR2		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-03-10 -
2024-06-08		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2024-05-13 -
2024-08-05		 3 months crt.sh
*.azurewebsites.net
Microsoft Azure RSA TLS Issuing CA 08		 2024-03-13 -
2025-03-08		 a year crt.sh

This page contains 3 frames:

Primary Page: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Frame ID: 3B3F2DD3CCEDA5C4AA2CD006549887CB
Requests: 54 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXZ9YUAAAAAPY8fX3p0rmuiaS9ML0_turv5R_h&co=aHR0cHM6Ly93d3cubWl0YXJqZXRhY2VuY29zdWQuY2w6NDQz&hl=de&type=image&v=DH3nyJMamEclyfe-nztbfV8S&theme=light&size=invisible&badge=bottomright&cb=nwh2zynjgivb
Frame ID: 0D1B8E015735449662592C97500FB6A8
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/api2/bframe?hl=de&v=DH3nyJMamEclyfe-nztbfV8S&k=6LcXZ9YUAAAAAPY8fX3p0rmuiaS9ML0_turv5R_h
Frame ID: 7143DE1F6A1A291C5144813EFA162881
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page URL History Show full URLs

  1. https://mail.164-90-149-59.cprapid.com/ HTTP 302
    https://mail.164-90-149-59.cprapid.com/loginon.php HTTP 302
    https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4M... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • cdn\.dynamicyield\.\w+/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • [^a-z]mtc.*\.js
Overall confidence: 100%
Detected patterns
  • /recaptcha/api\.js

Page Statistics

54
Requests

96 %
HTTPS

50 %
IPv6

15
Domains

19
Subdomains

18
IPs

4
Countries

2089 kB
Transfer

8308 kB
Size

30
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://mail.164-90-149-59.cprapid.com/ HTTP 302
    https://mail.164-90-149-59.cprapid.com/loginon.php HTTP 302
    https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

54 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
www.mitarjetacencosud.cl/
Redirect Chain
  • https://mail.164-90-149-59.cprapid.com/
  • https://mail.164-90-149-59.cprapid.com/loginon.php
  • https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.168168...
7 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
8752b7191b976df2856eda0c2dd6eef83f4aed76c5f25c12e64df5822d7f9f41
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Credentials
true
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Access-Control-Allow-Origin
*
Access-Control-Max-Age
1728000
Cache-Control
no-cache
Connection
keep-alive
Content-Encoding
gzip
Content-Length
2603
Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Type
text/html; charset=utf-8
Date
Sat, 01 Jun 2024 08:51:52 GMT
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none' camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Vary
Accept-Encoding
X-Akamai-Transformed
9 2404 0 pmb=mTOE,2
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-XSS-Protection
1; mode=block

Redirect headers

Cache-Control
no-store, no-cache, must-revalidate
Connection
Keep-Alive
Content-Length
0
Content-Type
text/html; charset=UTF-8
Date
Sat, 01 Jun 2024 08:51:51 GMT
Expires
Thu, 19 Nov 1981 08:52:00 GMT
Keep-Alive
timeout=5, max=99
Pragma
no-cache
Server
Apache
location
https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
api_dynamic.js
cdn.dynamicyield.com/api/8781237/ 		3 MB
447 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8781237/api_dynamic.js
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:7c00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
7289cc168804aa8e5c834b6c0816c9a8662777fa864b987938466cde9a58ebe4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 08:51:54 GMT
content-encoding
gzip
via
1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
last-modified
Fri, 31 May 2024 19:56:01 GMT
server
DYCDN
x-amz-cf-pop
MUC50-P5
x-amz-server-side-encryption
AES256
etag
W/"dc0431b62eb9883bd6d05dab4d23f79d"
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=30
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
JHbYtC61ao5AnVZKX5EuCBk_5Kp7kN9hievH0vuRrDbBRvQLjGh_BQ==
api_static.js
cdn.dynamicyield.com/api/8781237/ 		388 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/api/8781237/api_static.js
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:7c00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 05:48:53 GMT
content-encoding
gzip
via
1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
last-modified
Fri, 31 May 2024 19:56:01 GMT
server
DYCDN
age
10980
x-amz-cf-pop
MUC50-P5
etag
W/"64e0187feba0c97d38f8aabb6e6d66cd"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript; charset=utf-8
cache-control
max-age=86400
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
aF6jFxRfVOwzNIkGSbGPag1TRCTBXqkYZsSIQOiuzfDDQnE8VYvPWw==
app.b9a54da18bdc69ce79db.css
www.mitarjetacencosud.cl/login/static/ 		26 KB
6 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.css
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
43e98016171f019e7b335236c24dcfaeda0d35bafcae2c7da7c64a40b413fada
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https:; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:53 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-375709849"
Connection
keep-alive
Content-Length
2945
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Vary
Accept-Encoding
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
text/css; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Access-Control-Allow-Headers
application/x-www-form-urlencoded
Expires
Sat, 01 Jun 2024 08:51:53 GMT
7bf7f132
www.mitarjetacencosud.cl/akam/13/ 		26 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/akam/13/7bf7f132
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
0ecda009bf07341b69145fd181e15639e4f027b46c18ea70440a558e2b5c317e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 01 Jun 2024 08:51:54 GMT
Content-Encoding
gzip
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
8756
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Thu, 22 Feb 2024 19:40:08 GMT
ETag
"50dd4bacd8522dce64d01ab79d478bf874baf2765aa483ea7de2bd818d5ef453"
Stored-Attribute-Sha-Checksum
0ecda009bf07341b69145fd181e15639e4f027b46c18ea70440a558e2b5c317e
Vary
Accept-Encoding
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Content-Type
application/javascript
Cache-Control
max-age=21600
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Expires
Sat, 01 Jun 2024 08:51:54 GMT
3696419433280833-logo-landing.svg
staticresourcesfiles.blob.core.windows.net/content/web/static/ 		13 KB
14 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staticresourcesfiles.blob.core.windows.net/content/web/static/3696419433280833-logo-landing.svg
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.239.170.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
9968d8a3d47d739501e80319122f94225f06a9c7c7da8f8b6eccb0eca55d1767

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 01 Jun 2024 08:51:52 GMT
Last-Modified
Tue, 18 May 2021 20:38:45 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
V72oCt5pNepQVtRFcInFig==
ETag
"0x8D91A3CEE8739B2"
Content-Type
image/svg+xml
x-ms-request-id
39312f42-a01e-001d-2400-b4ed42000000
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
13383
x-ms-lease-state
available
0021926318430187663-loginon.svg
staticresourcesfiles.blob.core.windows.net/content/web/static/ 		739 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staticresourcesfiles.blob.core.windows.net/content/web/static/0021926318430187663-loginon.svg
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.239.170.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
259cfe7b11e386d1e4fa14d5ed9100addab44abc68d6413e4363db663370221f

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 01 Jun 2024 08:51:52 GMT
Last-Modified
Wed, 03 Mar 2021 18:53:00 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
VRLbVuQAqSUO2hXxH6jQmQ==
ETag
"0x8D8DE759198123D"
Content-Type
image/svg+xml
x-ms-request-id
ac14bb9a-801e-0057-7f00-b44ecd000000
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
739
x-ms-lease-state
available
vendors~app.b9a54da18bdc69ce79db.bundle.js
www.mitarjetacencosud.cl/login/static/ 		1 MB
332 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/vendors~app.b9a54da18bdc69ce79db.bundle.js
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
b6792afbc887aab6596058d0cf472d62431ab12ed7dffb3e45a0f1e5f9ff6abe
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:53 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Transfer-Encoding
chunked
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-1970229518"
Connection
keep-alive, Transfer-Encoding
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Cache-Control
max-age=0, no-cache, no-store
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:53 GMT
app.b9a54da18bdc69ce79db.bundle.js
www.mitarjetacencosud.cl/login/static/ 		59 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.bundle.js
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
a0587802b4a6ca82e92ae1d4d9fdf338be29d09844a8cb15e90a7fe4af42a15b
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:53 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1739109756"
Connection
keep-alive
Content-Length
10310
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/javascript; charset=UTF-8
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Cache-Control
max-age=0, no-cache, no-store
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:53 GMT
scotbchi2.png
monstat.com/ 		0
300 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://monstat.com/scotbchi2.png?du=https%3A//www.mitarjetacencosud.cl/login%3F_gl%3D1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.%26_ga%3D2.78731028.12399263.1681682431-1625151750.1681682430&dr=&rr=0.8083909728997061
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
40.69.200.41 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Apache /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options DENY, SAMEORIGIN, SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 01 Jun 2024 08:51:53 GMT
X-Content-Type-Options
nosniff
Last-Modified
Thu, 19 Mar 2020 21:05:26 GMT
Server
Apache
X-Frame-Options
DENY, SAMEORIGIN, SAMEORIGIN
Content-Type
image/png
Connection
close
Accept-Ranges
bytes
Content-Length
0
st
st.dynamicyield.com/ 		62 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://st.dynamicyield.com/st?sec=8781237&inHead=true&id=0&jsession=&ref=&scriptVersion=2.32.0&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%7D
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:c800:15:ad21:c740:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
75327cb2c8b9349b8888b785fa97293fac0ba165a18aed2c27b987f716136ab0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 08:51:53 GMT
content-encoding
gzip
via
1.1 75964e4626dd702b8dac2690031df25a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
p3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"
cache-control
no-cache
x-amz-cf-id
Ym_3GpFael_m_Mq0GaUw5XnuCdhcT4Tn7enJylhUD7qg9fcp_C3hbQ==
expires
Sat, 01 Jun 2024 08:51:52 GMT
6610531364382088-login_sae-20.webp
staticresourcesfiles.blob.core.windows.net/content/web/static/ 		228 KB
228 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://staticresourcesfiles.blob.core.windows.net/content/web/static/6610531364382088-login_sae-20.webp
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
52.239.170.68 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
5f014acaf1bb11d0f6dd9899a6a2af92c0a50f84c01c8e6efe529bb4dc27a459

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
Date
Sat, 01 Jun 2024 08:51:53 GMT
Last-Modified
Wed, 29 May 2024 13:35:00 GMT
Server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
Content-MD5
RUMogGkc8XMg4ecr3ATeBw==
ETag
"0x8DC7FE4235A7590"
Content-Type
application/octet-stream
x-ms-request-id
ac14bc25-801e-0057-7400-b44ecd000000
x-ms-version
2014-02-14
Accept-Ranges
bytes
Content-Length
233022
x-ms-lease-state
available
Nunito-Bold.ttf
www.mitarjetacencosud.cl/login/static/fonts/ 		167 KB
80 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/fonts/Nunito-Bold.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
956006994b1c6d9e3edee60605d1e64953f8ba4c2265076ebeeaee3190db57ce
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:53 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
78672
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Cache-Control
max-age=0, no-cache, no-store
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:53 GMT
Nunito-Regular.ttf
www.mitarjetacencosud.cl/login/static/fonts/ 		163 KB
79 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/fonts/Nunito-Regular.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
022bea9b64e6afc9146cc03d85a19fe8cca08ab9119142f90ea4ceb1577cdaa8
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-445183276", dtTao;desc="1"
Connection
keep-alive
Content-Length
77028
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Cache-Control
max-age=0, no-cache, no-store
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
NunitoSans-SemiBold.ttf
www.mitarjetacencosud.cl/login/static/fonts/ 		89 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/fonts/NunitoSans-SemiBold.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
895ff0e2417ed01ec6a7baf58ffc7e14b566953caebcb00253da28101bd4d23c
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="109841776", dtTao;desc="1"
Connection
keep-alive
Content-Length
43672
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Cache-Control
max-age=0, no-cache, no-store
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
dy-coll-nojq-min.js
cdn.dynamicyield.com/scripts/2.32.0/ 		105 KB
33 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Requested by
Host: st.dynamicyield.com
URL: https://st.dynamicyield.com/st?sec=8781237&inHead=true&id=0&jsession=&ref=&scriptVersion=2.32.0&dyid_server=&ctx=%7B%22type%22%3A%22OTHER%22%7D
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20ae:7c00:a:b89d:a6c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
DYCDN /
Resource Hash
dbaf4b878e37d415a3d5081681ea7217d8c7dd33fe1f293e3a9d2134ee7df8b4

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 05 May 2024 10:55:46 GMT
content-encoding
gzip
via
1.1 cd703a45a77324fb8797a25a15ba227e.cloudfront.net (CloudFront)
last-modified
Tue, 02 Apr 2024 09:13:47 GMT
server
DYCDN
age
2325368
x-amz-cf-pop
MUC50-P5
etag
W/"2150c036e311450ab69e6e2055629c1b"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=31536000
link
<//st.dynamicyield.com>; rel="dns-prefetch", <//st.dynamicyield.com>; rel="preconnect", <//rcom.dynamicyield.com>; rel="dns-prefetch", <//rcom.dynamicyield.com>; rel="preconnect", <//async-px.dynamicyield.com>; rel="dns-prefetch", <//async-px.dynamicyield.com>; rel="preconnect"
x-amz-cf-id
MEgCqwKAgS06OuCBrp6W9XOQ1gRL2RDs0Vf00ZTqrHaTxXxcV_-WZQ==
uia
async-px.dynamicyield.com/ 		0
385 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/uia?cnst=1&_=1717231913903
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-78.muc50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
via
1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
O9Ipaz6Yb_9wm_rRf8Rfp7l4PORN3jcSfL8kX73QnKzqADzxs7SXYQ==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=720607&uid=-7593068716626353879&sec=8781237&t=ri&e=1563067&p=1&ve=13289378&va=%5B28159346%5D&ses=f6f607344f7435b58faf415a099d67ba&expSes=92894&aud=2233497.2356145.1846560.1846562&expVisitId=-1500728966825943512&cgtgDecisionId=-1500728966797525393&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1717231913940&rri=1652215
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-78.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
via
1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
wYY-8OLK5tT9NPcBfVUj88Oy4_uCT9WP0h6qrf5MZkfQWeZaP8l64Q==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=248712&uid=-7593068716626353879&sec=8781237&t=ri&e=1598032&p=1&ve=12632426&va=%5B28281918%5D&ses=f6f607344f7435b58faf415a099d67ba&expSes=92894&aud=2233497.2356145.1846560.1846562&expVisitId=-1500728968459659774&cgtgDecisionId=-1500728967230513792&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1717231913940&rri=5128150
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-78.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
via
1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
Yn_zY9BBaXoiDtIqH9F3pBUl7x4sPiA51OsdoRCvssxkcbusxLkiiA==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=128238&uid=-7593068716626353879&sec=8781237&t=ri&e=1640165&p=1&ve=12775746&va=%5B28423725%5D&ses=f6f607344f7435b58faf415a099d67ba&expSes=92894&aud=2233497.2356145.1846560.1846562&expVisitId=-1500728965686302324&cgtgDecisionId=-1500728969624417303&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1717231913941&rri=128621
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-78.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
via
1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
Wx5cABJQDXVxuntrPayMKzxbQvqWRS6I3yVXVXCSaIrssd_PDWkWFA==
expires
0
var
async-px.dynamicyield.com/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/var?cnst=1&_=124441&uid=-7593068716626353879&sec=8781237&t=ri&e=1721412&p=1&ve=13064154&va=%5B28717695%5D&ses=f6f607344f7435b58faf415a099d67ba&expSes=92894&aud=2233497.2356145.1846560.1846562&expVisitId=-1500728967643089734&cgtgDecisionId=-1500728966343906053&mech=1&smech=null&eri=1&tsrc=Direct&reqts=1717231913941&rri=6532978
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-78.muc50.r.cloudfront.net
Software
/
Resource Hash

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
via
1.1 c2741d5ee2beeb4c9f22fb24f76708b6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
7eR5A3St6DIjiIJvcOIUmRsTLiVVu-ztMOomMC_AoEKNQ_pox9GeHA==
expires
0
batch
async-px.dynamicyield.com/ 		0
386 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://async-px.dynamicyield.com/batch?cnst=1&_=1717231914000_961964
Requested by
Host: cdn.dynamicyield.com
URL: https://cdn.dynamicyield.com/scripts/2.32.0/dy-coll-nojq-min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.78 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-78.muc50.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
via
1.1 38f46facdae93530546676e451869f4c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
access-control-allow-methods
POST, GET, OPTIONS
x-cache
Miss from cloudfront
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
access-control-allow-headers
Content-Type, Authorization, Content-Length, X-Requested-With
content-length
0
x-amz-cf-id
y5eIBP-vXgMe2BSZzOypyupvmlzShLjX9ASzFCRjtm0xXq6DLJ9CWw==
expires
0
gtm.js
www.googletagmanager.com/ 		514 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-MNHV9ZN&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6301186b16690ff9f9a503c6358027571598f4bbd331275105cc563ae5752b6f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 08:51:54 GMT
content-encoding
gzip
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
133927
x-xss-protection
0
last-modified
Sat, 01 Jun 2024 06:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 01 Jun 2024 08:51:54 GMT
api.js
www.google.com/recaptcha/ 		1 KB
970 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/vendors~app.b9a54da18bdc69ce79db.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f4.1e100.net
Software
GSE /
Resource Hash
cfcb6e4a549e7c197433581d2d154f603f51118dd16baf4c9d0c54ba5f5d6d3d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 08:51:54 GMT
content-encoding
gzip
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=utf-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
expires
Sat, 01 Jun 2024 08:51:54 GMT
Nunito-Bold.ttf
www.mitarjetacencosud.cl/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/fonts/Nunito-Bold.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
48
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
NunitoSans-Bold.ttf
www.mitarjetacencosud.cl/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/fonts/NunitoSans-Bold.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
48
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
Nunito-Regular.ttf
www.mitarjetacencosud.cl/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/fonts/Nunito-Regular.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
48
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
NunitoSans-SemiBold.ttf
www.mitarjetacencosud.cl/fonts/ 		0
0 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/fonts/NunitoSans-SemiBold.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
48
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
max-age=0, no-cache, no-store
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
login-redirect
www.mitarjetacencosud.cl/login/api/v1.0/ 		91 B
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/api/v1.0/login-redirect?url_path=null
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7fa1f0b0efe642f443a425ddc5181bb241a3de2689e8f02dd954475498ead671
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Bearer null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="1932396149"
Connection
keep-alive
Content-Length
91
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
login-redirect
www.mitarjetacencosud.cl/login/api/v1.0/ 		91 B
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/api/v1.0/login-redirect?url_path=undefined
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7fa1f0b0efe642f443a425ddc5181bb241a3de2689e8f02dd954475498ead671
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Bearer null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Connection
keep-alive
Content-Length
91
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
login-redirect
www.mitarjetacencosud.cl/login/api/v1.0/ 		91 B
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/api/v1.0/login-redirect?url_path=null
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.bundle.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
7fa1f0b0efe642f443a425ddc5181bb241a3de2689e8f02dd954475498ead671
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Authorization
Bearer null
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json; charset=utf-8
Referer
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Date
Sat, 01 Jun 2024 08:51:55 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-61356473"
Connection
keep-alive
Content-Length
91
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
application/json; charset=utf-8
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
truncated
/ 		9 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
truncated
/ 		157 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
recaptcha__de.js
www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/ 		528 KB
210 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/api.js?onload=onloadcallback&render=explicit
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
772ba4e7c02a03b95bd8fef71e44798097c7c37dc97d513843dceee897354738
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 31 May 2024 17:22:15 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
55779
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
214205
x-xss-protection
0
last-modified
Mon, 27 May 2024 02:00:43 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 31 May 2025 17:22:15 GMT
js
www.googletagmanager.com/gtag/ 		326 KB
106 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-DRXSFE1VGQ&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MNHV9ZN&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
950abd5a287f89b767a8712e15e6d28f1ecb184c7ba0f8e29484ad88903c0cc0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 01 Jun 2024 08:51:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
108805
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 01 Jun 2024 08:51:54 GMT
hotjar-2823703.js
static.hotjar.com/c/ 		9 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-2823703.js?sv=7
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MNHV9ZN&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.154.111 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-154-111.muc50.r.cloudfront.net
Software
/
Resource Hash
3987bc4aea3cdad31a3cadb241bcf458ce4fb23c089c181cbe632ab6d4d7e448
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 08:51:22 GMT
via
1.1 3f7bbc22c659b2b7470c819d073f58b6.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P3
age
32
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
etag
W/c49ecbfab5656d471fb04380e8275695
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
x-amz-cf-id
uvxKJ_whn56zhJZD2x9jl96-iU_kC-DxvsaOqQLdnoqxvmeUrnwUcA==
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 01 Jun 2024 08:51:54 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57845
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=12, mss=1294, tbw=2781, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
VsSQkbQPPuho/H8dWP005aizL7VtU3xJCA+FK/1RBexlI40za7DjqW4i1P3G3FY5TImRwbd5MkYlBST6/p5PzQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-MNHV9ZN&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 01 Jun 2024 08:29:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
1366
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 01 Jun 2024 10:29:08 GMT
anchor
www.google.com/recaptcha/api2/ Frame 0D1B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LcXZ9YUAAAAAPY8fX3p0rmuiaS9ML0_turv5R_h&co=aHR0cHM6Ly93d3cubWl0YXJqZXRhY2VuY29zdWQuY2w6NDQz&hl=de&type=image&v=DH3nyJMamEclyfe-nztbfV8S&theme=light&size=invisible&badge=bottomright&cb=nwh2zynjgivb
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/vendors~app.b9a54da18bdc69ce79db.bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-k_L5wGrM8P5If-jky6bVAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-k_L5wGrM8P5If-jky6bVAQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 01 Jun 2024 08:51:54 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
NunitoSans-Bold.ttf
www.mitarjetacencosud.cl/login/static/fonts/ 		91 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/fonts/NunitoSans-Bold.ttf
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login/static/app.b9a54da18bdc69ce79db.css
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
c571ae34f387c9b81381036896ea4f6c438f76282846bd3f0ebe159bb510018d
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://www.mitarjetacencosud.cl
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="856106995", dtTao;desc="1"
Connection
keep-alive
Content-Length
44239
X-XSS-Protection
1; mode=block
Pragma
no-cache
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:30:59 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
font/ttf
Access-Control-Allow-Origin
*
Vary
Accept-Encoding
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Cache-Control
max-age=0, no-cache, no-store
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Accept-Ranges
bytes
Timing-Allow-Origin
*
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
Expires
Sat, 01 Jun 2024 08:51:54 GMT
collect
www.google-analytics.com/j/ 		3 B
214 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1850745894&t=pageview&_s=1&dl=https%3A%2F%2Fwww.mitarjetacencosud.cl%2Flogin%3F_gl%3D1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.%26_ga%3D2.78731028.12399263.1681682431-1625151750.1681682430&dp=%2Fpublico%2Flogin&ul=de-de&de=UTF-8&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YGBAiFABhAAAACAAI~&jid=210751539&gjid=528219182&cid=1438657407.1717231914&tid=UA-7553944-1&_gid=672781366.1717231914&_slc=1&gtm=45He45t0n81MNHV9ZNv77302831za200&cd5=%2Fpublico%2Flogin&cd19=2024-06-01T10%3A51%3A54.325%2B02%3A00&cd20=https%3A%2F%2Fwww.mitarjetacencosud.cl%2Flogin%3F_gl%3D1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.%26_ga%3D2.78731028.12399263.1681682431-1625151750.1681682430&cd26=Retail%20preferente&cd27=Retail%20preferente%20v2&gcd=13l3l3l2l1&dma_cps=sypham&dma=1&npa=1&z=27652
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.mitarjetacencosud.cl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		1 B
352 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-7553944-1&cid=1438657407.1717231914&jid=210751539&gjid=528219182&_gid=672781366.1717231914&npa=1&_u=YGBAiFABhAAAAGAAI~&z=699002484
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Sat, 01 Jun 2024 08:51:54 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.mitarjetacencosud.cl
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
google-tag-manager-tagging-server.azurewebsites.net/g/ 		812 B
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://google-tag-manager-tagging-server.azurewebsites.net/g/collect?v=2&tid=G-DRXSFE1VGQ&gtm=45je45t0v872918340z877302831za200zb77302831&_p=1717231914088&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1438657407.1717231914&ecid=1023551109&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EA&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13l3l3l2l1&sst.tft=1717231914088&sst.ude=0&_s=1&dl=https%3A%2F%2Fwww.mitarjetacencosud.cl%2Fpublico%2Flogin%3F_gl%3D1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.%26_ga%3D2.78731028.12399263.1681682431-1625151750.1681682430&dt=%2Fpublico%2Flogin&cu=CLP&sid=1717231914&sct=1&seg=0&en=page_view&_fv=1&_ss=1&tfd=4140&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DRXSFE1VGQ&l=dataLayer&cx=c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.71.177.34 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
43a3d707ff8a4885b3ec36d2dbc27e47dd184f10fc06a66b75f7eba3b8603fa7
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 01 Jun 2024 08:51:54 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.mitarjetacencosud.cl
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
x-accel-buffering
no
modules.7b6d7646601d8cd7fb5f.js
script.hotjar.com/ 		222 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.7b6d7646601d8cd7fb5f.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-2823703.js?sv=7
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.64 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-64.muc50.r.cloudfront.net
Software
/
Resource Hash
0f38a63a4786988c8739a89b8ce5e8599ddef3c3d283eff939be3008cbeef0f8
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 28 May 2024 12:31:06 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 89855bc668c2d62d2715c482773d5732.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P5
age
332448
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56114
last-modified
Tue, 28 May 2024 12:30:49 GMT
etag
"ee291f5775291ceb078ff8007ea3aad3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
OzMD8ROSlAm0oP2gdIAMhRELl5_q1_1RzlCA5Izzx34n6dDk1Q-jGg==
1736650076615936
connect.facebook.net/signals/config/ 		59 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1736650076615936?v=2.9.156&r=stable&domain=www.mitarjetacencosud.cl&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
a97c448132e119d538fce2050db00f5e5affbaad18e317d7cf05aa8a6dac2618
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 01 Jun 2024 08:51:54 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=29, rtx=0, c=64, mss=1294, tbw=63381, tp=-1, tpl=-1, uplat=127, ullat=1
pragma
public
x-fb-debug
qJdD4e3j1moEHpNbxSjgMq/rpJmIKB+onbdFu+w/psyu0y0BqXmcL0WggPFbh4S3uqRANoLdQAYE3aOQWdSwVA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1736650076615936&ev=PageView&dl=https%3A%2F%2Fwww.mitarjetacencosud.cl&rl=&if=false&ts=1717231914643&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4124&fbp=fb.1.1717231914642.656113026&pm=1&hrl=adf43e&ler=empty&cdl=API_unavailable&it=1717231914467&coo=false&cs_cc=1&cas=9066655520098123%2C7429583037158035&rqm=GET
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1294, tbw=2786, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 01 Jun 2024 08:51:54 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=1736650076615936&ev=PageView&dl=https%3A%2F%2Fwww.mitarjetacencosud.cl&rl=&if=false&ts=1717231914643&sw=1600&sh=1200&v=2.9.156&r=stable&ec=0&o=4124&fbp=fb.1.1717231914642.656113026&pm=1&hrl=adf43e&ler=empty&cdl=API_unavailable&it=1717231914467&coo=false&cs_cc=1&cas=9066655520098123%2C7429583037158035&rqm=FGET
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:84:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://www.mitarjetacencosud.cl/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x9eea99bdfae03ea3","source_keys":["1","2"]},{"key_piece":"0xc73ab7bb5c3f30d9","source_keys":["1","2"]}],"aggregatable_values":{"1":1}}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Sat, 01 Jun 2024 08:51:54 GMT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=10, mss=1294, tbw=3104, tp=-1, tpl=-1, uplat=238, ullat=0
pragma
no-cache
x-fb-debug
MFweC7tBSPgbgbr8SAFf0SQxECBHr6KRS9yJAz879gUMkbdCVP5ehGOLjOrcWCnM0tse2XVo9sRxIHHaPdvv5A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
pixel_7bf7f132
www.mitarjetacencosud.cl/akam/13/ 		0
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/akam/13/pixel_7bf7f132
Requested by
Host: www.mitarjetacencosud.cl
URL: https://www.mitarjetacencosud.cl/akam/13/7bf7f132
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

Date
Sat, 01 Jun 2024 08:51:54 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Referrer-Policy
no-referrer
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
Content-Type
text/html
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Connection
keep-alive
Content-Length
0
X-XSS-Protection
1; mode=block
bframe
www.google.com/recaptcha/api2/ Frame 7143 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/api2/bframe?hl=de&v=DH3nyJMamEclyfe-nztbfV8S&k=6LcXZ9YUAAAAAPY8fX3p0rmuiaS9ML0_turv5R_h
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/DH3nyJMamEclyfe-nztbfV8S/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.181.228 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s56-in-f4.1e100.net
Software
GSE /
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-4ik3uMjgDJNkLw3SmEe_XQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-security-policy
script-src 'report-sample' 'nonce-4ik3uMjgDJNkLw3SmEe_XQ' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Sat, 01 Jun 2024 08:51:54 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
collect
google-tag-manager-tagging-server.azurewebsites.net/g/ 		539 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://google-tag-manager-tagging-server.azurewebsites.net/g/collect?v=2&tid=G-DRXSFE1VGQ&gtm=45je45t0v872918340za200zb77302831&_p=1717231914088&gcd=13l3l3l2l1&npa=1&dma_cps=sypham&dma=1&cid=1438657407.1717231914&ecid=1023551109&ul=de-de&sr=1600x1200&_fplc=0&ir=1&ur=DE&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EEA&sst.gse=1&sst.etld=google.de&sst.gcsub=region1&sst.gcd=13l3l3l2l1&sst.tft=1717231914088&sst.sp=1&sst.em_event=1&sst.ude=0&_s=2&dl=https%3A%2F%2Fwww.mitarjetacencosud.cl%2Fpublico%2Flogin%3F_gl%3D1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.%26_ga%3D2.78731028.12399263.1681682431-1625151750.1681682430&dt=%2Fpublico%2Flogin&cu=CLP&sid=1717231914&sct=1&seg=0&en=scroll&epn.percent_scrolled=90&_et=7&tfd=4650&richsstsse
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-DRXSFE1VGQ&l=dataLayer&cx=c
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
40.71.177.34 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
19669719d03d4d5ce23fd1c607f473ccd1d3c1fa71e77eaacb5d399b3c8bfb51
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Date
Sat, 01 Jun 2024 08:51:55 GMT
X-Content-Type-Options
nosniff
Transfer-Encoding
chunked
Content-Type
text/plain
Access-Control-Allow-Origin
https://www.mitarjetacencosud.cl
Cache-Control
no-cache
Access-Control-Allow-Credentials
true
x-accel-buffering
no
favicon.ico
www.mitarjetacencosud.cl/login/static/ 		1 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.mitarjetacencosud.cl/login/static/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.208.149.76 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-208-149-76.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
6dde8f199d5f9dcb4ac5d836d806f8f3b3c2dc9bc647b9fbfecfa2519dbce8d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Content-Security-Policy
default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Content-Encoding
gzip
Date
Sat, 01 Jun 2024 08:51:55 GMT
Strict-Transport-Security
max-age=31536000 ; includeSubDomains ; preload
Server-Timing
dtSInfo;desc="0", dtRpid;desc="-79997593"
Connection
keep-alive
Content-Length
394
X-XSS-Protection
1; mode=block
Referrer-Policy
no-referrer
Last-Modified
Mon, 27 Mar 2023 22:29:20 GMT
Access-Control-Max-Age
1728000
Access-Control-Allow-Methods
PUT, GET, POST,OPTIONS, DELETE,PATCH
Content-Type
image/x-icon
Access-Control-Allow-Origin
*
Cache-Control
no-cache
Feature-Policy
camera *; fullscreen 'self'; geolocation 'none'; microphone 'none', camera *; fullscreen 'self'; geolocation 'none'; microphone 'none'
Access-Control-Allow-Credentials
true
Vary
Accept-Encoding
Accept-Ranges
bytes
Access-Control-Allow-Headers
DNT,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization
X-Frame-Options
ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
collect
region1.analytics.google.com/g/s/ 		0
210 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://region1.analytics.google.com/g/s/collect?dma=1&dma_cps=sypham&gtm=45j91e45l1v872918340z877302831z9899442930za200zb77302831&_gsid=DRXSFE1VGQbswebVgnJ4jHMunG15I6Tw
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		0
0
collect
stats.g.doubleclick.net/g/ 		0
57 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&dma=1&dma_cps=sypham&tid=G-DRXSFE1VGQ&cid=w6jIEj9lthnMmkrQhMS3U8LKO0qWhVRN9GjL3mP0R8w%3D.1717231914&gtm=45j91e45l1v872918340z877302831z9899442930za200zb77302831&aip=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
region1.analytics.google.com/g/s/ 		0
53 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://region1.analytics.google.com/g/s/collect?dma=1&dma_cps=sypham&gtm=45j91e45l1v872918340z9899442930za200zb77302831&_gsid=DRXSFE1VGQwgRtLw3KkhnZrEUsvbXlgQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Sat, 01 Jun 2024 08:51:55 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.de/ads/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-DRXSFE1VGQ&cid=w6jIEj9lthnMmkrQhMS3U8LKO0qWhVRN9GjL3mP0R8w%3D.1717231914&gtm=45j91e45l1v872918340z877302831z9899442930za200zb77302831&aip=1&z=574515143
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-DRXSFE1VGQ&cid=w6jIEj9lthnMmkrQhMS3U8LKO0qWhVRN9GjL3mP0R8w%3D.1717231914&gtm=45j91e45l1v872918340z9899442930za200zb77302831&aip=1&z=1278337445

Verdicts & Comments Add Verdict or Comment

46 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| DY object| DYExps object| DYO function| DYID object| contextManager object| DYJSON string| bazadebezolkohpepadr object| REDUX_DATA object| DYWork function| $dy object| webpackJsonp function| clearImmediate function| setImmediate object| core object| regeneratorRuntime boolean| _babelPolyfill object| FontAwesomeConfig object| ___FONT_AWESOME___ object| dataLayer string| urhehlevkedkilrobacf object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| google_tag_manager object| google_tag_data function| hj object| _hjSettings function| fbq function| _fbq function| onYouTubeIframeAPIReady string| GoogleAnalyticsObject function| ga object| recaptcha object| closure_lm_96776 object| gaplugins object| gaGlobal object| gaData object| hjSiteSettings function| hjBootstrap object| hjLazyModules object| hjBootstrapCalled

30 Cookies

Domain/Path Name / Value
www.google.com/recaptcha Name: _GRECAPTCHA
Value: 09AFsGliLyfVk1_6Eqla482TK4ifzjoFYpVDYc4uhrHvKsAKRr3ZL-0KrjLJmfHdcppveRNbbu2JvXxo0vcIqYy_M
mail.164-90-149-59.cprapid.com/ Name: PHPSESSID
Value: 787dc35bd8bf3ac9f6f4245f707bc6e6
.mitarjetacencosud.cl/ Name: _dy_ses_load_seq
Value: 92894%3A1717231913597
.mitarjetacencosud.cl/ Name: _dy_csc_ses
Value: t
.mitarjetacencosud.cl/ Name: _dy_c_exps
Value:
.dynamicyield.com/ Name: DYID
Value: -7593068716626353879
.dynamicyield.com/ Name: DYSES
Value: 64a5fa3652ccd5b28e42f5e2c90b14c2
.mitarjetacencosud.cl/ Name: _dycnst
Value: dg
.mitarjetacencosud.cl/ Name: _dyid
Value: -7593068716626353879
.mitarjetacencosud.cl/ Name: _dyjsession
Value: 64a5fa3652ccd5b28e42f5e2c90b14c2
.mitarjetacencosud.cl/ Name: dy_fs_page
Value: www.mitarjetacencosud.cl%2Flogin%3F_gl%3D1*xhja9x*_ga*mtyynte1mtc1mc4xnjgxnjgyndmw*_ga_drxsfe1vgq*mty4mty4mjqzmc4xljaumty4mty4mjqzmc42mc4wlja.%26_ga%3D2.78731028.12399263.1681682431-1625151750.1681682430
.mitarjetacencosud.cl/ Name: _dy_lu_ses
Value: 64a5fa3652ccd5b28e42f5e2c90b14c2%3A1717231913880
.mitarjetacencosud.cl/ Name: _dycst
Value: dk.w.c.ws.fst.
.mitarjetacencosud.cl/ Name: _dy_geo
Value: DE.EU.DE_.DE__
.mitarjetacencosud.cl/ Name: _dy_df_geo
Value: Germany..
.mitarjetacencosud.cl/ Name: _dy_toffset
Value: 0
.mitarjetacencosud.cl/ Name: _dy_soct
Value: 828216.1619920.1717231913*852772.1717932.1717231913*881782.1824565.1717231913*938471.2012949.1717231913
.www.mitarjetacencosud.cl/ Name: _dy_cs_gcg
Value: Dynamic%20Yield%20Experiences
.www.mitarjetacencosud.cl/ Name: _dy_cs_cookie_items
Value: _dy_cs_gcg
.mitarjetacencosud.cl/ Name: dtCookie
Value: v_4_srv_11_sn_DC4BA3E21169C47A48537F479730AD48_perc_100000_ol_0_mul_1_app-3Af93ba096481568ec_1_rcs-3Acss_0
.mitarjetacencosud.cl/ Name: _gcl_au
Value: 1.1.1483074518.1717231914
.mitarjetacencosud.cl/ Name: _gid
Value: GA1.2.672781366.1717231914
.mitarjetacencosud.cl/ Name: _dc_gtm_UA-7553944-1
Value: 1
.mitarjetacencosud.cl/ Name: _ga
Value: GA1.1.1438657407.1717231914
.mitarjetacencosud.cl/ Name: _ga_DRXSFE1VGQ
Value: GS1.1.1717231914.1.0.1717231914.0.0.1023551109
.mitarjetacencosud.cl/ Name: _hjSessionUser_2823703
Value: eyJpZCI6IjE1OThlMzQzLWFkMjgtNTUwMS05MTJhLTA2YTFkZDJmMWM0ZiIsImNyZWF0ZWQiOjE3MTcyMzE5MTQ2MTMsImV4aXN0aW5nIjpmYWxzZX0=
.mitarjetacencosud.cl/ Name: _hjSession_2823703
Value: eyJpZCI6ImJkMWEyY2ZiLWNmMDctNDBlZC05MDAwLTc3ODk1N2UwMWZiZSIsImMiOjE3MTcyMzE5MTQ2MTQsInMiOjAsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=
.mitarjetacencosud.cl/ Name: _fbp
Value: fb.1.1717231914642.656113026
.mitarjetacencosud.cl/ Name: ak_bmsc
Value: 91865B1D5D2B18B7305B800511EDF203~000000000000000000000000000000~YAAQn/AQAlAyDKaPAQAAXZL/0he5WOozUbT3YaRb9XS23euRCHGD3npU83a2T1nKJswpjdYysbubngIcCGDGkKZa+HSZfqKX9/xh01fUjF7QIhIVTgjudODwENhOeXdUVJU6ki/Yaio4KQ3QSa192aWmZWzUNqkdBDN8S02IkS7JfL+f7ILNSEOMfDKJ1yCDdwsfulT+xvrpHzMRfSDpbfeMP0T3ugvedmCxCS9IwEb9SzuKmLyftGIneSD01qrLKwywH3yoD5H+Kb/LCqLmPjbakUqrBel8p+EPqo8YBqeKdf8xoyc4NFEIncY2Hqcs6iJ14+vNSJystgHouZ+SgV22TzvoJ3BI2c7/eL/3DEBAhYtU9U/EGej4fmxXbRRZ7fQ/Qj7FvTVgChPkizmA9OhhkSjErvxEIQujETihbPRrE4lp/p5TwE7fGEir6TC6vK1NDUatdQ==
.mitarjetacencosud.cl/ Name: bm_sv
Value: 8C8D265F6DFE8E82C6E6ED7217E2F3BC~YAAQn/AQAlEyDKaPAQAAXZL/0hdk2WCHgsF5LqjwKKOM7Uz7GPRYURYDW4lvfXsG7jtPlbFBUaNZwPMvL8huguzuxqehLBzfHVUOYj/IUnts5dApmdaNBqkh3RiJ5LMpOEgVgbnM7LEaJPzdqfbx08sc5UW+ew6LGjF8i8p8qgViZTcl86lzL/yiMs73RZkOexdhVHbMjvxstHjK/amF4QrzUzb/fZdabAGuoC0YPYrc53i62xVgrikRTmzjQPbYP+lO2Jv40Xm3BA==~1

15 Console Messages

Source Level URL
Text
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
recommendation verbose URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
[DOM] Password field is not contained in a form: (More info: https://goo.gl/9p2vKq) %o
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
network error URL: https://www.mitarjetacencosud.cl/fonts/Nunito-Regular.ttf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.mitarjetacencosud.cl/fonts/Nunito-Bold.ttf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.mitarjetacencosud.cl/fonts/NunitoSans-Bold.ttf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
network error URL: https://www.mitarjetacencosud.cl/fonts/NunitoSans-SemiBold.ttf
Message:
Failed to load resource: the server responded with a status of 404 (Not Found)
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-DRXSFE1VGQ&cid=w6jIEj9lthnMmkrQhMS3U8LKO0qWhVRN9GjL3mP0R8w%3D.1717231914&gtm=45j91e45l1v872918340z877302831z9899442930za200zb77302831&aip=1&z=574515143' because it violates the following Content Security Policy directive: "img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:".
other warning URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
security error URL: https://www.mitarjetacencosud.cl/login?_gl=1*xhja9x*_ga*MTYyNTE1MTc1MC4xNjgxNjgyNDMw*_ga_DRXSFE1VGQ*MTY4MTY4MjQzMC4xLjAuMTY4MTY4MjQzMC42MC4wLjA.&_ga=2.78731028.12399263.1681682431-1625151750.1681682430
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&dma=1&dma_cps=sypham&tid=G-DRXSFE1VGQ&cid=w6jIEj9lthnMmkrQhMS3U8LKO0qWhVRN9GjL3mP0R8w%3D.1717231914&gtm=45j91e45l1v872918340z9899442930za200zb77302831&aip=1&z=1278337445' because it violates the following Content Security Policy directive: "img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' https: 'self' 'unsafe-inline' 'unsafe-eval'; object-src 'none'; form-action 'self' *.e-pagos.cl *.pagoautomaticocontarjetas.cl *.dynamicyield.com *.bancochile.cl *.servipag.com *.santander.cl *.scotiabank.cl *.tarjetasmas.cl *.paris.cl *.transbank.cl *.rfsc.cl *.googleoptimize.com; worker-src 'self' blob:; upgrade-insecure-requests; frame-ancestors 'self' https://www.mitarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl cat.paris.cl www.paris.cl uat.paris.cl smk.paris.cl paris.cl www.jumbo.cl jumbo.cl cat.jumbo.cl; script-src 'self' 'unsafe-eval' 'unsafe-inline' connect.facebook.net staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.googleoptimize.com *.dynamicyield.com *.bancochile.cl *.hotjar.com *.optimonk.com *.gstatic.com *.gbqofs.com *.gbqofs.io *.google.com *.seguroscencosud.cl *.mitarjetacencosud.cl *.tarjetacencosud.cl maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com az416426.vo.msecnd.net www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net cdn.agilitycms.com dmtags.scotiabank.com facebook.com code.jquery.com *.firebaseio.com; img-src 'self' *.transbank.cl *.dynamicyield.com *.bancochile.cl staticresourcerfsc.blob.core.windows.net staticresourcesfiles.blob.core.windows.net www.puntoscencosud.cl stats.g.doubleclick.net monstat.com *.agilitycms.com *.gbqofs.com *.gbqofs.io *.google.com *.google.ca *.google.cl www.google.com.br cdn.agilitycms.com maps.gstatic.com maps.googleapis.com maps-api-ssl.google.com fonts.googleapis.com www.googletagmanager.com www.googleadservices.com www.google-analytics.com googleads.g.doubleclick.net *.seguroscencosud.cl *.mitarjetacencosud.cl front.optimonk.com *.tarjetacencosud.cl static.hotjar.com *.google.com *.facebook.com *.monstat.com data:; connect-src 'self' https: data: wss: 'unsafe-inline' 'unsafe-eval';
Strict-Transport-Security max-age=31536000 ; includeSubDomains ; preload
X-Frame-Options ALLOW-FROM https://www.tarjetacencosud.cl https://webpay3g.transbank.cl https://transbank.webpay.cl www.paris.cl uat.paris.cl https://cl-jumbo-web-lb-render-dev.smdigital.cl www.jumbo.cl
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

async-px.dynamicyield.com
cdn.dynamicyield.com
connect.facebook.net
google-tag-manager-tagging-server.azurewebsites.net
mail.164-90-149-59.cprapid.com
monstat.com
region1.analytics.google.com
script.hotjar.com
st.dynamicyield.com
static.hotjar.com
staticresourcesfiles.blob.core.windows.net
stats.g.doubleclick.net
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.gstatic.com
www.mitarjetacencosud.cl
www.google.de
142.250.181.228
164.90.149.59
18.173.154.111
2001:4860:4802:32::36
23.208.149.76
2600:9000:20ae:7c00:a:b89d:a6c0:93a1
2600:9000:237d:c800:15:ad21:c740:93a1
2a00:1450:4001:803::200e
2a00:1450:4001:828::2008
2a00:1450:4001:831::2003
2a00:1450:400c:c0d::9a
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:84:face:b00c:0:25de
40.69.200.41
40.71.177.34
52.239.170.68
54.230.228.64
54.230.228.78
022bea9b64e6afc9146cc03d85a19fe8cca08ab9119142f90ea4ceb1577cdaa8
0ecda009bf07341b69145fd181e15639e4f027b46c18ea70440a558e2b5c317e
0f38a63a4786988c8739a89b8ce5e8599ddef3c3d283eff939be3008cbeef0f8
19669719d03d4d5ce23fd1c607f473ccd1d3c1fa71e77eaacb5d399b3c8bfb51
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
259cfe7b11e386d1e4fa14d5ed9100addab44abc68d6413e4363db663370221f
3987bc4aea3cdad31a3cadb241bcf458ce4fb23c089c181cbe632ab6d4d7e448
43a3d707ff8a4885b3ec36d2dbc27e47dd184f10fc06a66b75f7eba3b8603fa7
43e98016171f019e7b335236c24dcfaeda0d35bafcae2c7da7c64a40b413fada
498ea43ee2b31ee61f58f43b798dfaec6eb59b63fefdfaa7c01bba897ba57a33
5f014acaf1bb11d0f6dd9899a6a2af92c0a50f84c01c8e6efe529bb4dc27a459
6301186b16690ff9f9a503c6358027571598f4bbd331275105cc563ae5752b6f
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6dde8f199d5f9dcb4ac5d836d806f8f3b3c2dc9bc647b9fbfecfa2519dbce8d4
7289cc168804aa8e5c834b6c0816c9a8662777fa864b987938466cde9a58ebe4
75327cb2c8b9349b8888b785fa97293fac0ba165a18aed2c27b987f716136ab0
772ba4e7c02a03b95bd8fef71e44798097c7c37dc97d513843dceee897354738
7fa1f0b0efe642f443a425ddc5181bb241a3de2689e8f02dd954475498ead671
80d54533f80e8233621f965ae0a7713928bdb4d491ed0eb5e90434550f1894cb
8752b7191b976df2856eda0c2dd6eef83f4aed76c5f25c12e64df5822d7f9f41
895ff0e2417ed01ec6a7baf58ffc7e14b566953caebcb00253da28101bd4d23c
950abd5a287f89b767a8712e15e6d28f1ecb184c7ba0f8e29484ad88903c0cc0
956006994b1c6d9e3edee60605d1e64953f8ba4c2265076ebeeaee3190db57ce
9968d8a3d47d739501e80319122f94225f06a9c7c7da8f8b6eccb0eca55d1767
a0587802b4a6ca82e92ae1d4d9fdf338be29d09844a8cb15e90a7fe4af42a15b
a97c448132e119d538fce2050db00f5e5affbaad18e317d7cf05aa8a6dac2618
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
b6792afbc887aab6596058d0cf472d62431ab12ed7dffb3e45a0f1e5f9ff6abe
c571ae34f387c9b81381036896ea4f6c438f76282846bd3f0ebe159bb510018d
cfcb6e4a549e7c197433581d2d154f603f51118dd16baf4c9d0c54ba5f5d6d3d
d554361630709572f4c9e33d02ca5ae56275756099a62195513017a0421f73c2
dbaf4b878e37d415a3d5081681ea7217d8c7dd33fe1f293e3a9d2134ee7df8b4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e9c370ea9070b144ed45ff5f35c9206112dd1091326ff898f414ef8c12ec85c0