Submitted URL: https://click.relay.corestream.com/?qs=e99ffb25f17c6492e9ef3f945f77df0a194f1b7674fce16325dce412fe7f1bbd1adaf533bc9c84fd1d5250c915df...
Effective URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_conte...
Submission: On May 24 via manual from IN — Scanned from DE

Summary

This website contacted 23 IPs in 4 countries across 15 domains to perform 80 HTTP transactions. The main IP is 20.96.128.77, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is jefferson.corestream.com.
TLS certificate: Issued by Go Daddy Secure Certificate Authority... on April 24th 2024. Valid for: a year.
This is the only time jefferson.corestream.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.111.234.83 14340 (SALESFORCE)
1 1 20.236.236.165 8075 (MICROSOFT...)
27 20.96.128.77 8075 (MICROSOFT...)
5 2a02:26f0:350... 20940 (AKAMAI-ASN1)
1 2a06:98c1:312... 13335 (CLOUDFLAR...)
1 18.66.192.110 16509 (AMAZON-02)
4 20.221.116.71 8075 (MICROSOFT...)
1 18.173.187.118 16509 (AMAZON-02)
4 151.101.66.217 54113 (FASTLY)
4 54.208.84.168 14618 (AMAZON-AES)
1 54.230.228.26 16509 (AMAZON-02)
8 108.138.32.174 16509 (AMAZON-02)
1 13.248.151.210 16509 (AMAZON-02)
2 23.92.179.154 32475 (SINGLEHOP...)
2 2606:2800:233... 15133 (EDGECAST)
2 18.173.187.31 16509 (AMAZON-02)
4 20.50.88.242 8075 (MICROSOFT...)
3 44.193.71.46 14618 (AMAZON-AES)
1 34.223.74.168 16509 (AMAZON-02)
3 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2001:4860:480... 15169 (GOOGLE)
2 104.198.23.205 15169 (GOOGLE)
80 23
Apex Domain
Subdomains
Transfer
34 corestream.com
click.relay.corestream.com
jefferson.corestream.com
tenants.corestream.com — Cisco Umbrella Rank: 864139
cdn2.corestream.com — Cisco Umbrella Rank: 592525
2 MB
9 launchdarkly.com
app.launchdarkly.com — Cisco Umbrella Rank: 736
events.launchdarkly.com — Cisco Umbrella Rank: 907
clientstream.launchdarkly.com — Cisco Umbrella Rank: 886
4 KB
8 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1845
72 KB
5 typekit.net
use.typekit.net — Cisco Umbrella Rank: 448
p.typekit.net — Cisco Umbrella Rank: 565
83 KB
4 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 32
region1.google-analytics.com — Cisco Umbrella Rank: 2533
22 KB
4 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 751
354 B
4 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 1597
api-iam.intercom.io — Cisco Umbrella Rank: 2092
11 KB
3 logr-ingest.com
cdn.logr-ingest.com — Cisco Umbrella Rank: 24861
r.logr-ingest.com — Cisco Umbrella Rank: 21513
182 KB
2 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 2114
291 KB
2 algolia.net
tkm2y5kpcd-dsn.algolia.net — Cisco Umbrella Rank: 744855
214 KB
2 upscope.io
code.upscope.io — Cisco Umbrella Rank: 23934
js.upscope.io — Cisco Umbrella Rank: 40859
41 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
96 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 89
352 B
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1425
180 B
1 jeffersonbenefitsplus.com
jeffersonbenefitsplus.com
333 B
80 15
Domain Requested by
27 jefferson.corestream.com jefferson.corestream.com
8 cdn.segment.com jefferson.corestream.com
cdn.segment.com
4 dc.services.visualstudio.com jefferson.corestream.com
4 events.launchdarkly.com jefferson.corestream.com
4 app.launchdarkly.com jefferson.corestream.com
4 tenants.corestream.com jefferson.corestream.com
4 use.typekit.net jefferson.corestream.com
use.typekit.net
3 www.google-analytics.com cdn.segment.com
www.google-analytics.com
jefferson.corestream.com
3 api-iam.intercom.io js.intercomcdn.com
2 r.logr-ingest.com jefferson.corestream.com
2 js.intercomcdn.com widget.intercom.io
2 cdn2.corestream.com
2 tkm2y5kpcd-dsn.algolia.net jefferson.corestream.com
1 region1.google-analytics.com www.googletagmanager.com
1 www.googletagmanager.com www.google-analytics.com
1 stats.g.doubleclick.net jefferson.corestream.com
1 api.segment.io jefferson.corestream.com
1 clientstream.launchdarkly.com
1 widget.intercom.io jefferson.corestream.com
1 js.upscope.io code.upscope.io
1 code.upscope.io jefferson.corestream.com
1 cdn.logr-ingest.com jefferson.corestream.com
1 p.typekit.net use.typekit.net
1 jeffersonbenefitsplus.com 1 redirects
1 click.relay.corestream.com 1 redirects
80 25

This site contains links to these domains. Also see Links.

Domain
jefferson2.corestream.com
www.corestream.com
corp.corestream.com
Subject Issuer Validity Valid
*.corestream.com
Go Daddy Secure Certificate Authority - G2
2024-04-24 -
2025-05-25
a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-02-01 -
2025-03-03
a year crt.sh
logr-ingest.com
GTS CA 1P5
2024-04-01 -
2024-06-30
3 months crt.sh
upscope.io
Amazon RSA 2048 M03
2023-10-23 -
2024-11-20
a year crt.sh
app.launchdarkly.com
GlobalSign Atlas R3 DV TLS CA 2024 Q1
2024-04-04 -
2025-05-06
a year crt.sh
events.launchdarkly.com
Amazon ECDSA 256 M03
2024-05-22 -
2025-06-21
a year crt.sh
*.intercom.com
Amazon RSA 2048 M03
2024-01-15 -
2025-02-11
a year crt.sh
*.segment.com
Amazon RSA 2048 M03
2023-11-14 -
2024-12-13
a year crt.sh
clientstream.launchdarkly.com
Amazon RSA 2048 M02
2023-08-09 -
2024-09-05
a year crt.sh
algolia.net
Sectigo RSA Organization Validation Secure Server CA
2024-01-04 -
2025-02-02
a year crt.sh
sni1fbf6gl.wpc.edgecastcdn.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-02 -
2024-11-02
a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02
2023-12-01 -
2024-12-29
a year crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 04
2024-04-10 -
2025-04-05
a year crt.sh
*.segment.io
Amazon RSA 2048 M03
2023-12-13 -
2025-01-11
a year crt.sh
*.google-analytics.com
WR2
2024-05-06 -
2024-07-29
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2024-05-06 -
2024-07-29
3 months crt.sh
api.logrocket.com
R3
2024-05-02 -
2024-07-31
3 months crt.sh

This page contains 2 frames:

Primary Page: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Frame ID: DA2507092665A4ADFE72C08223E59035
Requests: 65 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.b31bfb87.js
Frame ID: 7A7C4E8844E34912BCD07D5E61228139
Requests: 5 HTTP requests in this frame

Screenshot

Page Title

Home | Jefferson Benefits Plus

Page URL History Show full URLs

  1. https://click.relay.corestream.com/?qs=e99ffb25f17c6492e9ef3f945f77df0a194f1b7674fce16325dce412fe7f1bbd1adaf533... HTTP 302
    https://jeffersonbenefitsplus.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2... HTTP 302
    https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Overall confidence: 100%
Detected patterns
  • <link [^>]*href="[^"]+use\.typekit\.(?:net|com)

Page Statistics

80
Requests

99 %
HTTPS

29 %
IPv6

15
Domains

25
Subdomains

23
IPs

4
Countries

3237 kB
Transfer

6310 kB
Size

19
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://click.relay.corestream.com/?qs=e99ffb25f17c6492e9ef3f945f77df0a194f1b7674fce16325dce412fe7f1bbd1adaf533bc9c84fd1d5250c915dfa7754b8d7a64c6579369 HTTP 302
    https://jeffersonbenefitsplus.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo HTTP 302
    https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

80 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
jefferson.corestream.com/
Redirect Chain
  • https://click.relay.corestream.com/?qs=e99ffb25f17c6492e9ef3f945f77df0a194f1b7674fce16325dce412fe7f1bbd1adaf533bc9c84fd1d5250c915dfa7754b8d7a64c6579369
  • https://jeffersonbenefitsplus.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
  • https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
2 KB
2 KB
Document
General
Full URL
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
66c251780f7c05e8b043b829201be5734aed164247be2a8650f00340c1599513
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
content-length
2002
content-type
text/html
date
Fri, 24 May 2024 19:14:02 GMT
etag
"664635ac-7d2"
last-modified
Thu, 16 May 2024 16:34:52 GMT
server
nginx
x-frame-options
SAMEORIGIN

Redirect headers

content-length
138
content-type
text/html
date
Fri, 24 May 2024 19:14:01 GMT
location
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
server
nginx
x-frame-options
SAMEORIGIN
vcw7mfs.css
use.typekit.net/
10 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/vcw7mfs.css
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
f16d3800d47aceeafb3c4ad1be1ae9269ed13478369a9927323009a577a384dd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Fri, 24 May 2024 19:14:02 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
1184
index-DjWMusk0.js
jefferson.corestream.com/assets/
1 MB
1 MB
Script
General
Full URL
https://jefferson.corestream.com/assets/index-DjWMusk0.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
04102e04f95813a3168efedb2581cf4182554069695e3e186a09030cf4d1af5b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:52 GMT
server
nginx
etag
"664635ac-1619b5"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
1448373
@microsoft-DLRaN0GO.js
jefferson.corestream.com/assets/
158 KB
159 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
b2b59182340acaeb14a32c11dd79b37e2c4ffde47a997d22c0e0f7f6f2d3bad0
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-27920"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
162080
styled-components-BXbpQhMr.js
jefferson.corestream.com/assets/
35 KB
35 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/styled-components-BXbpQhMr.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
90beeaab482d473308e41d89d512b6eef2eb3c9804a9b991105041d76daf6ba4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-8c6e"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
35950
xstate-DevVGWv7.js
jefferson.corestream.com/assets/
61 KB
61 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/xstate-DevVGWv7.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
5af015e2f958f4547f04b1f0e4756a9cf26b08cdddbdb1f728ed76259c17e5b3
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-f38e"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
62350
algolia-Cij3_1Kw.js
jefferson.corestream.com/assets/
127 KB
128 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/algolia-Cij3_1Kw.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
0baa214182463c1c56ee98298c8d4eea99863b89b26828ac25503bf7fd19d7be
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-1fdd4"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
130516
logrocket-Dlj0pJiQ.js
jefferson.corestream.com/assets/
144 KB
144 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/logrocket-Dlj0pJiQ.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
792effa00ed9bc424574a5680e1ad74a78456c774e786d25cbeceb5f8ebf2f26
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-24037"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
147511
index-BqBXxTei.css
jefferson.corestream.com/assets/
160 KB
161 KB
Stylesheet
General
Full URL
https://jefferson.corestream.com/assets/index-BqBXxTei.css
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
4c0490b471dbb929d65f43aff1d7b44502c8f3e71631a49ff852cd73dccd7c41
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-280a9"
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
164009
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=vcw7mfs&ht=tk&f=14032.14033.14034.14035.26893.26894.26897.26898.26909.26910.26913.26914.29382.29383&a=4768995&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/vcw7mfs.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:02 GMT
last-modified
Fri, 23 Jun 2023 17:09:47 GMT
server
nginx
etag
"6495d1db-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
logger-1.min.js
cdn.logr-ingest.com/
844 KB
167 KB
Script
General
Full URL
https://cdn.logr-ingest.com/logger-1.min.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/logrocket-Dlj0pJiQ.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a06:98c1:3120::3 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98331fecb568cf260e6f101d1b52783ad70d626821b1ec43a4bb4d888a925490
Security Headers
Name Value
Strict-Transport-Security max-age=31556926

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:03 GMT
strict-transport-security
max-age=31556926
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
216
x-cache
HIT
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-served-by
cache-fra-eddf8230123-FRA
last-modified
Fri, 24 May 2024 16:14:09 GMT
server
cloudflare
x-timer
S1716567488.208021,VS0,VE3
etag
W/"01fde39c5be9b4ee17e677c38880419840e015c6b443bbbe5fec731488609682-br"
vary
x-fh-requested-host, accept-encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=9XHIQAB%2FoQR8JocqlVe0gINyo2Eqj8h0Rz7Rged9EEdq7Ftr6NAgDMuE9pL2uTYD4tma9ckkoogavcNUfbCuxNsEtWsI2UHoUvkCIl%2B%2BYsbNb8wshoj0n47H4SyMjKGEYeYMwdlnIdRvTrnNGtKNDNpn"}],"group":"cf-nel","max_age":604800}
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=14400
cf-ray
888f9b426ad13a60-FRA
x-cache-hits
1
CgX8WAhWJi.js
code.upscope.io/
1 KB
952 B
Script
General
Full URL
https://code.upscope.io/CgX8WAhWJi.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.110 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-110.muc50.r.cloudfront.net
Software
/
Resource Hash
c5156bb27be841d932acc56dedf4b67659fd843a33ae5e8291e112041566370d

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:03 GMT
content-encoding
gzip
via
1.1 c3f546c2f6132a41e608317139aa8faa.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P1
vary
Accept-Encoding
x-cache
Miss from cloudfront
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60,public
x-amz-cf-id
yfZSz3KPrnUSIIyjV_L9J0M7TVRahPz2lph1S9ucvgYZhv662GOaEA==
jefferson.prod.corestream.com
tenants.corestream.com/TenantSites/ Frame
0
0
Preflight
General
Full URL
https://tenants.corestream.com/TenantSites/jefferson.prod.corestream.com
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.221.116.71 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
request-id,traceparent
Access-Control-Request-Method
GET
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
request-id,traceparent
access-control-allow-methods
GET
access-control-allow-origin
https://jefferson.corestream.com
date
Fri, 24 May 2024 19:14:03 GMT
request-context
appId=cid-v1:36762a49-bcc9-4b3a-a821-3d444bb78b7f
server
istio-envoy
vary
Origin
x-correlation-id
fec6903e-5ebc-455c-ac75-c2bb7de88888
x-envoy-upstream-service-time
1
x-gateway-region
centralus
x-service-region
centralus
jefferson.prod.corestream.com
tenants.corestream.com/TenantSites/
9 KB
9 KB
Fetch
General
Full URL
https://tenants.corestream.com/TenantSites/jefferson.prod.corestream.com
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.221.116.71 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
93fdb4a2f36b27693196fee8be314c55dc35f5e12924cc2bb8ed8911c1e45431

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
traceparent
00-702f13b1914c4db881362fb47177dd6f-be994b5b1172470e-01
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
https://jefferson.corestream.com/
request-id
|702f13b1914c4db881362fb47177dd6f.be994b5b1172470e
sec-ch-ua-platform
"Win32"

Response headers

request-context
appId=cid-v1:36762a49-bcc9-4b3a-a821-3d444bb78b7f
date
Fri, 24 May 2024 19:14:03 GMT
x-correlation-id
84d6c65c-d6d3-4fe2-b71a-c8d4dc5f88d0
server
istio-envoy
x-service-region
centralus
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://jefferson.corestream.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
21
content-length
8707
x-gateway-region
centralus
upscope-2.4.134.es6.js
js.upscope.io/
142 KB
40 KB
Script
General
Full URL
https://js.upscope.io/upscope-2.4.134.es6.js
Requested by
Host: code.upscope.io
URL: https://code.upscope.io/CgX8WAhWJi.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.118 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-118.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
554e4ab9d23ef513d5518f62f001424eaeecb5b3648f970c4983e54b4418fec2

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:13:51 GMT
content-encoding
gzip
via
1.1 541abc390c35db77f7d121c96f0661ec.cloudfront.net (CloudFront)
last-modified
Thu, 23 May 2024 15:27:45 GMT
server
AmazonS3
x-amz-cf-pop
MUC50-P4
age
14
etag
W/"576ebb7a102deaba4254a28c13afc11e"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=864000,public
x-amz-cf-id
00285Dt-wGv-H09uxvwnNhilsWQfI4pQ0us6sAz011irdoWDNw39tg==
a6409218-408b-40b2-827f-65973211f475
https://jefferson.corestream.com/
471 KB
0
Other
General
Full URL
blob:https://jefferson.corestream.com/a6409218-408b-40b2-827f-65973211f475
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
cc645a5713972cc4888b5a1b5b062c654a4e32752b20f831e00bf10b089bbbb3

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Content-Length
482073
Content-Type
favicon.ico
jefferson.corestream.com/
1 KB
2 KB
Other
General
Full URL
https://jefferson.corestream.com/favicon.ico?v=2
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
32833f37ed7f06075aa1c4f4541c8bdfeb0b0be937c3c80f3840d6001f26ee1a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:03 GMT
last-modified
Thu, 16 May 2024 16:34:01 GMT
server
nginx
etag
"66463579-57e"
x-frame-options
SAMEORIGIN
content-type
image/x-icon
accept-ranges
bytes
content-length
1406
5f072772b5b1880b7229eb3e
app.launchdarkly.com/sdk/goals/
2 B
199 B
XHR
General
Full URL
https://app.launchdarkly.com/sdk/goals/5f072772b5b1880b7229eb3e
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.2.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
https://jefferson.corestream.com/
X-LaunchDarkly-Wrapper
react-client-sdk/3.1.0
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
content-encoding
gzip
via
1.1 varnish
date
Fri, 24 May 2024 19:14:04 GMT
content-md5
d751713988987e9331980363e24189ce
age
0
x-cache
HIT
content-length
26
x-served-by
cache-fra-etou8220120-FRA
x-timer
S1716578044.000255,VS0,VE2
etag
"d751713988987e9331980363e24189ce"
ld-region
us-east-1
access-control-max-age
300
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0
vary
Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
x-cache-hits
0
5f072772b5b1880b7229eb3e
events.launchdarkly.com/events/diagnostic/
0
358 B
XHR
General
Full URL
https://events.launchdarkly.com/events/diagnostic/5f072772b5b1880b7229eb3e
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.208.84.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-208-84-168.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.2.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://jefferson.corestream.com/
X-LaunchDarkly-Wrapper
react-client-sdk/3.1.0
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
eyJraW5kIjoibXVsdGkiLCJvcmdhbml6YXRpb24iOnsia2V5IjoiSkVGRkVSU09OIiwia2luZCI6Im9yZ2FuaXphdGlvbiIsIm5hbWUiOiJKZWZmZXJzb24ifSwidXNlciI6eyJhbm9ueW1vdXMiOnRydWUsImVtcGxveWVlSWQiOiJERUZBVUxUIiwia2V5IjoiS...
app.launchdarkly.com/sdk/evalx/5f072772b5b1880b7229eb3e/contexts/
20 KB
3 KB
XHR
General
Full URL
https://app.launchdarkly.com/sdk/evalx/5f072772b5b1880b7229eb3e/contexts/eyJraW5kIjoibXVsdGkiLCJvcmdhbml6YXRpb24iOnsia2V5IjoiSkVGRkVSU09OIiwia2luZCI6Im9yZ2FuaXphdGlvbiIsIm5hbWUiOiJKZWZmZXJzb24ifSwidXNlciI6eyJhbm9ueW1vdXMiOnRydWUsImVtcGxveWVlSWQiOiJERUZBVUxUIiwia2V5IjoiSkVGRkVSU09OIiwia2luZCI6InVzZXIiLCJvcmdhbml6YXRpb24iOiJKZWZmZXJzb24ifX0
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ab0d91e2c7979bda3f68fb66477a511a28bc4ecce92b9c9e539e0feef8acabfa

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.2.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
https://jefferson.corestream.com/
X-LaunchDarkly-Wrapper
react-client-sdk/3.1.0
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
content-encoding
gzip
via
1.1 varnish
age
0
x-cache
MISS
content-length
3026
x-served-by
cache-fra-etou8220151-FRA, cache-fra-etou8220120-FRA
x-timer
S1716578044.000189,VS0,VE37
etag
"207dbb"
access-control-max-age
3600
access-control-allow-methods
OPTIONS, GET
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0
vary
Authorization, Accept-Encoding
accept-ranges
bytes
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version
x-cache-hits
0
5f072772b5b1880b7229eb3e
app.launchdarkly.com/sdk/goals/ Frame
0
0
Preflight
General
Full URL
https://app.launchdarkly.com/sdk/goals/5f072772b5b1880b7229eb3e
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Fri, 24 May 2024 19:14:03 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra-etou8220120-FRA
x-timer
S1716578044.977228,VS0,VE2
5f072772b5b1880b7229eb3e
events.launchdarkly.com/events/diagnostic/ Frame
0
0
Preflight
General
Full URL
https://events.launchdarkly.com/events/diagnostic/5f072772b5b1880b7229eb3e
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.208.84.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-208-84-168.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Fri, 24 May 2024 19:14:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
eyJraW5kIjoibXVsdGkiLCJvcmdhbml6YXRpb24iOnsia2V5IjoiSkVGRkVSU09OIiwia2luZCI6Im9yZ2FuaXphdGlvbiIsIm5hbWUiOiJKZWZmZXJzb24ifSwidXNlciI6eyJhbm9ueW1vdXMiOnRydWUsImVtcGxveWVlSWQiOiJERUZBVUxUIiwia2V5IjoiS...
app.launchdarkly.com/sdk/evalx/5f072772b5b1880b7229eb3e/contexts/ Frame
0
0
Preflight
General
Full URL
https://app.launchdarkly.com/sdk/evalx/5f072772b5b1880b7229eb3e/contexts/eyJraW5kIjoibXVsdGkiLCJvcmdhbml6YXRpb24iOnsia2V5IjoiSkVGRkVSU09OIiwia2luZCI6Im9yZ2FuaXphdGlvbiIsIm5hbWUiOiJKZWZmZXJzb24ifSwidXNlciI6eyJhbm9ueW1vdXMiOnRydWUsImVtcGxveWVlSWQiOiJERUZBVUxUIiwia2V5IjoiSkVGRkVSU09OIiwia2luZCI6InVzZXIiLCJvcmdhbml6YXRpb24iOiJKZWZmZXJzb24ifX0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.66.217 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version,X-LaunchDarkly-Tags
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Fri, 24 May 2024 19:14:03 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
0
x-served-by
cache-fra-etou8220120-FRA
x-timer
S1716578044.977117,VS0,VE1
dz17m8b8
widget.intercom.io/widget/
7 KB
3 KB
Script
General
Full URL
https://widget.intercom.io/widget/dz17m8b8
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
54.230.228.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-54-230-228-26.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
60ad6dfedbaa3202e5fb388be7d11e29c257747f87bf0856e9d7364bc495f92a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
Un7yMBb5pjgGl6u.xKlCMzuPRJBfl2vT
content-encoding
gzip
via
1.1 37efbeb485d6113a0b2df63b2f651402.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 19:12:20 GMT
x-amz-cf-pop
MUC50-P5
age
105
x-amz-server-side-encryption
AES256
x-cache
Error from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
2668
last-modified
Fri, 24 May 2024 09:28:13 GMT
server
AmazonS3
etag
"51186292d2de8a3e09dd0f85b9e303cd"
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
lF4E0QGMn0IT4xi3CX--1JW_MStFQOYg-eHpeT7Odx-zgy23IQdSlg==
analytics.min.js
cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/
103 KB
28 KB
Script
General
Full URL
https://cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/analytics.min.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
1ba951fe754b64c51f2e4283dcd44934fe81e5ed72bce5ea0118027ea11f84b7

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
cz_bhSUXUGNGmkASQw1c.vw6LwDw8qa5
content-encoding
br
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 19:14:05 GMT
x-amz-cf-pop
MUC50-P2
x-amz-server-side-encryption
AES256
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 24 Apr 2024 20:11:16 GMT
server
AmazonS3
etag
W/"6b4d907490add531372f8020ebfeb787"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
L2FeEZwaDKYlxNISeXdPw4iF0Fw6tYVe60nC1Sx5_E2rHfvxuQDuGQ==
meta.json
jefferson.corestream.com/
50 B
212 B
Fetch
General
Full URL
https://jefferson.corestream.com/meta.json?1716578044090
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
6a3850fdf673951b3a4b87913aaa2e87da18ea90052eab46b08f22f3b3ffd58d
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
traceparent
00-6eeeb36d44384f80b0394165d43f705a-c100763b74ff4508-01
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
request-id
|6eeeb36d44384f80b0394165d43f705a.c100763b74ff4508
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:01 GMT
server
nginx
etag
"66463579-32"
x-frame-options
SAMEORIGIN
content-type
application/json
accept-ranges
bytes
content-length
50
eyJraW5kIjoibXVsdGkiLCJvcmdhbml6YXRpb24iOnsia2V5IjoiSkVGRkVSU09OIiwia2luZCI6Im9yZ2FuaXphdGlvbiIsIm5hbWUiOiJKZWZmZXJzb24ifSwidXNlciI6eyJhbm9ueW1vdXMiOnRydWUsImVtcGxveWVlSWQiOiJERUZBVUxUIiwia2V5IjoiS...
clientstream.launchdarkly.com/eval/5f072772b5b1880b7229eb3e/
20 KB
0
EventSource
General
Full URL
https://clientstream.launchdarkly.com/eval/5f072772b5b1880b7229eb3e/eyJraW5kIjoibXVsdGkiLCJvcmdhbml6YXRpb24iOnsia2V5IjoiSkVGRkVSU09OIiwia2luZCI6Im9yZ2FuaXphdGlvbiIsIm5hbWUiOiJKZWZmZXJzb24ifSwidXNlciI6eyJhbm9ueW1vdXMiOnRydWUsImVtcGxveWVlSWQiOiJERUZBVUxUIiwia2V5IjoiSkVGRkVSU09OIiwia2luZCI6InVzZXIiLCJvcmdhbml6YXRpb24iOiJKZWZmZXJzb24ifX0
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.151.210 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a1370dc23e25e46ce.awsglobalaccelerator.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Accept
text/event-stream
Cache-Control
no-cache
Referer
https://jefferson.corestream.com/
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
strict-transport-security
max-age=31536000; includeSubDomains
ld-region
eu-west-1
access-control-max-age
300
access-control-allow-methods
GET,OPTIONS
content-type
text/event-stream; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
x-content-length
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper
Tokens
tenants.corestream.com/Metadata/ Frame
0
0
Preflight
General
Full URL
https://tenants.corestream.com/Metadata/Tokens
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.221.116.71 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
request-id,tenant,tenantname,traceparent,x-timezone-offset
Access-Control-Request-Method
GET
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
request-id,tenant,tenantname,traceparent,x-timezone-offset
access-control-allow-methods
GET
access-control-allow-origin
https://jefferson.corestream.com
date
Fri, 24 May 2024 19:14:04 GMT
request-context
appId=cid-v1:36762a49-bcc9-4b3a-a821-3d444bb78b7f
server
istio-envoy
vary
Origin
x-correlation-id
f99b6fea-81a4-48a9-a864-25fdf575ed9a
x-envoy-upstream-service-time
1
x-gateway-region
centralus
x-service-region
centralus
query
tkm2y5kpcd-dsn.algolia.net/1/indexes/offers/ Frame
0
0
Preflight
General
Full URL
https://tkm2y5kpcd-dsn.algolia.net/1/indexes/offers/query?x-algolia-agent=Algolia%20for%20JavaScript%20(4.23.2)%3B%20Browser%3B%20JS%20Helper%20(3.14.0)%3B%20react%20(18.2.0)%3B%20react-instantsearch%20(6.40.4)
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.179.154 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
nginx /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Accept
*/*
Access-Control-Request-Headers
x-algolia-api-key,x-algolia-application-id
Access-Control-Request-Method
POST
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Credentials
false
Access-Control-Allow-Headers
x-algolia-application-id, connection, origin, x-algolia-api-key, content-type, content-length, x-algolia-signature, x-algolia-user-id, x-algolia-usertoken, x-algolia-tagfilters, DNT, X-Mx-ReqToken, Keep-Alive, User-Agent, X-Requested-With, If-Modified-Since, Cache-Control, Authorization, Accept, Pragma
Access-Control-Allow-Methods
GET, PUT, DELETE, POST, OPTIONS
Access-Control-Allow-Origin
*
Access-Control-Max-Age
86400
Cache-Control
max-age=86400
Connection
keep-alive
Content-Disposition
inline; filename=a.txt
Content-Length
0
Content-Type
text/plain
Date
Fri, 24 May 2024 19:14:04 GMT
Expires
Sat, 25 May 2024 19:14:04 GMT
Server
nginx
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Timing-Allow-Origin
*
X-Content-Type-Options
nosniff
UnauthHome-B6Z9B0Qs.js
jefferson.corestream.com/assets/
2 KB
2 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/UnauthHome-B6Z9B0Qs.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
c5080f08d0cd17c1804e57c50f215296d5a922fe4d3446068292ab279f505d37
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-676"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
1654
useIsSiteEffective-DcOuatQz.js
jefferson.corestream.com/assets/
206 B
375 B
Script
General
Full URL
https://jefferson.corestream.com/assets/useIsSiteEffective-DcOuatQz.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
2ed7acec3a242f1f1caad54196b11e504360687e784c4279f3c00bd07636d039
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-ce"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
206
unauth-home-CBnKHvDL.js
jefferson.corestream.com/assets/
904 B
1 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/unauth-home-CBnKHvDL.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
0e215e6effd1d2708e752cf070dbe733c222d68f0c4400115c183cd66fb5ce01
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-388"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
904
l
use.typekit.net/af/28158e/00000000000000003b9b4066/27/
27 KB
27 KB
Font
General
Full URL
https://use.typekit.net/af/28158e/00000000000000003b9b4066/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/vcw7mfs.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
09d305a5a1c4756015b5b0c509dcc3f121a6e9a754a92ed5bacbb5a60899d411

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/vcw7mfs.css
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
server
nginx
etag
"72f47cc4cd2aeefe0b7a3afe57823f9d1af1047c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
27196
l
use.typekit.net/af/62681e/00000000000000003b9b406a/27/
29 KB
29 KB
Font
General
Full URL
https://use.typekit.net/af/62681e/00000000000000003b9b406a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=n7&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/vcw7mfs.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
d489b866f669f2f15392d5cdce4b6e23f9e66fd7e0f38155510282f5e68c8ec2

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/vcw7mfs.css
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
server
nginx
etag
"159fcd6e6aa88378b15160b2c3ced3c0d32dbe0c"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
29384
Tokens
tenants.corestream.com/Metadata/
6 KB
6 KB
XHR
General
Full URL
https://tenants.corestream.com/Metadata/Tokens
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.221.116.71 Des Moines, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
istio-envoy /
Resource Hash
aa2c61d202e09e5e99610fed467ee88d18da9225fe9bd976e316eeb740dc7d91

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
x-timezone-offset
-120
traceparent
00-6eeeb36d44384f80b0394165d43f705a-ab7606c298ee4860-01
TenantName
Jefferson
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Tenant
8a81295d-ab04-423b-99cd-08d87696b848
Accept-Language
de-DE,de;q=0.9;q=0.9
Accept
application/json, text/plain, */*
Referer
https://jefferson.corestream.com/
Request-Id
|6eeeb36d44384f80b0394165d43f705a.ab7606c298ee4860
sec-ch-ua-platform
"Win32"

Response headers

request-context
appId=cid-v1:36762a49-bcc9-4b3a-a821-3d444bb78b7f
date
Fri, 24 May 2024 19:14:04 GMT
x-correlation-id
edb5d8c6-e955-4b48-8a26-e9e8cc272b80
server
istio-envoy
x-service-region
centralus
vary
Origin
content-type
application/json; charset=utf-8
access-control-allow-origin
https://jefferson.corestream.com
access-control-allow-credentials
true
x-envoy-upstream-service-time
5
content-length
5857
x-gateway-region
centralus
query
tkm2y5kpcd-dsn.algolia.net/1/indexes/offers/
955 KB
214 KB
XHR
General
Full URL
https://tkm2y5kpcd-dsn.algolia.net/1/indexes/offers/query?x-algolia-agent=Algolia%20for%20JavaScript%20(4.23.2)%3B%20Browser%3B%20JS%20Helper%20(3.14.0)%3B%20react%20(18.2.0)%3B%20react-instantsearch%20(6.40.4)
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
23.92.179.154 Secaucus, United States, ASN32475 (SINGLEHOP-LLC, US),
Reverse DNS
Software
nginx /
Resource Hash
e17e331501b6bc63de0c23d0149646f8a611e10dd805c75893483e82515252e7
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
x-algolia-api-key
b7ce15cdbd93ccb3e6a50523ce8f5693
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
content-type
application/x-www-form-urlencoded
x-algolia-application-id
TKM2Y5KPCD
Referer
https://jefferson.corestream.com/
sec-ch-ua-platform
"Win32"

Response headers

Date
Fri, 24 May 2024 19:14:04 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Content-Type-Options
nosniff
Accept-Encoding
deflate, gzip
X-Alg-PT
13
Server
nginx
Content-Encoding
gzip
Transfer-Encoding
chunked
Content-Type
application/json; charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
no-store
Content-Disposition
inline; filename=a.txt
Connection
keep-alive
Timing-Allow-Origin
*
c88f1372-41b5-4b34-adce-1a39b24d85bb.png
cdn2.corestream.com/tenantimages/
40 KB
41 KB
Image
General
Full URL
https://cdn2.corestream.com/tenantimages/c88f1372-41b5-4b34-adce-1a39b24d85bb.png
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
69941568ec6f1d5f72ff335bc23ebfa5572d69411cf1e5654c87fa510c0b4848

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Wed, 06 Oct 2021 19:31:43 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
hTwiJjZVfzE1hfo3Eul17g==
etag
0x8D988FFEDA4BDEB
content-type
image/png
x-ms-request-id
1f244a9a-a01e-0046-600e-ae54cd000000
cache-control
max-age=86400
x-ms-version
2009-09-19
content-length
41287
expires
Sat, 25 May 2024 19:14:04 GMT
corestream-logo-full-color.svg
cdn2.corestream.com/tenantimages/
5 KB
2 KB
Image
General
Full URL
https://cdn2.corestream.com/tenantimages/corestream-logo-full-color.svg
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:233:1cb7:261b:1f9c:2074:3c , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (frc/4CEC) /
Resource Hash
8b1d95f9d6c4cec1109de279b06c9e1c0d7e1a9cac4e47a386a982d290d7e856

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-ms-blob-type
BlockBlob
date
Fri, 24 May 2024 19:14:04 GMT
content-encoding
gzip
content-md5
cP+DkGhjsh+8H8pWr/XjJQ==
age
37197
x-cache
HIT
content-length
1781
x-ms-lease-status
unlocked
last-modified
Thu, 29 Feb 2024 19:42:01 GMT
server
ECAcc (frc/4CEC)
etag
0x8DC395E7F97C4DC
vary
Accept-Encoding
content-type
image/svg+xml
x-ms-request-id
62e5de9f-a01e-0064-55b7-ad3afb000000
cache-control
max-age=86400
x-ms-version
2009-09-19
expires
Sat, 25 May 2024 19:14:04 GMT
index-RMgTfNNj.js
jefferson.corestream.com/assets/
10 KB
10 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/index-RMgTfNNj.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
44b03412a6da72789f5f88a9c98eaf4ca6158acf37deda292cb4469445fa238b
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-283d"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
10301
index.esm-CucO-Y8Y.js
jefferson.corestream.com/assets/
644 B
814 B
Script
General
Full URL
https://jefferson.corestream.com/assets/index.esm-CucO-Y8Y.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e49ad450c05a4ead76a4d4b61e09018c606f15362d80e75ad122dee5efc8f908
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-284"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
644
react-hook-form-Bu323a-0.js
jefferson.corestream.com/assets/
27 KB
27 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/react-hook-form-Bu323a-0.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
bdd9ae5b26ebce443a73fc7b4ecf583880e3bc0bce6e4e3fb8aa16c71b65025f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-6be3"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
27619
LockOutlined-BdppTnSp.js
jefferson.corestream.com/assets/
372 B
542 B
Script
General
Full URL
https://jefferson.corestream.com/assets/LockOutlined-BdppTnSp.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
f5e1c0282c906cab0e9d2ae07c36fac0f305b02877941dbcd7a745cb72019778
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-174"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
372
VisibilityOff-CbUx-jfw.js
jefferson.corestream.com/assets/
902 B
1 KB
Script
General
Full URL
https://jefferson.corestream.com/assets/VisibilityOff-CbUx-jfw.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
558b20a5e3223a9bd9377a2a3cf50a33811e6fcdf9655ef18c031fabde437f9f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-386"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
902
wysiwig-content-BpR9yQ4o.js
jefferson.corestream.com/assets/
814 B
984 B
Script
General
Full URL
https://jefferson.corestream.com/assets/wysiwig-content-BpR9yQ4o.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
8a11ac96a286a1280374122a557d20824c78c7fa986e0933a87211595c02a1d0
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-32e"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
814
wysiwig-content-BjetqwH9.css
jefferson.corestream.com/assets/
182 B
341 B
Stylesheet
General
Full URL
https://jefferson.corestream.com/assets/wysiwig-content-BjetqwH9.css
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
b37992185be892f4f70f02e650eb18d2eb89f80c4a951c6cf5b71cf91354e32f
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-b6"
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
182
useTrackDetailedPageEvent-BBtxmXYw.js
jefferson.corestream.com/assets/
160 B
329 B
Script
General
Full URL
https://jefferson.corestream.com/assets/useTrackDetailedPageEvent-BBtxmXYw.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
9f24e3e3efe64751bb86222c5cfac583242700c509a97420853ce6c8110e4d17
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-a0"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
160
useTrackVisitor-CH9WParV.js
jefferson.corestream.com/assets/
243 B
412 B
Script
General
Full URL
https://jefferson.corestream.com/assets/useTrackVisitor-CH9WParV.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
209416544415cf580f3b6a193c70b1b891d52e15271534b12015ef1d31e2e97a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-f3"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
243
use-on-page-close-BxSmq7Bg.js
jefferson.corestream.com/assets/
297 B
467 B
Script
General
Full URL
https://jefferson.corestream.com/assets/use-on-page-close-BxSmq7Bg.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
50aad1f2329e9ff038917effb5a458f239692889e1a4f739e455b4d5a2e19b58
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-129"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
297
useEffectOnceSessionStorage-DDR6T0F7.js
jefferson.corestream.com/assets/
359 B
529 B
Script
General
Full URL
https://jefferson.corestream.com/assets/useEffectOnceSessionStorage-DDR6T0F7.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
7a6f5f3c8c1eb49a2380db93285012fffda9934701833d5a4e7b07af99ae8dae
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-167"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
359
disclaimer-CUXmC5U7.js
jefferson.corestream.com/assets/
718 B
887 B
Script
General
Full URL
https://jefferson.corestream.com/assets/disclaimer-CUXmC5U7.js
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
7222c6fbafc2b2de06f2466c4323b8f55750e6382adf9c946322d1b32473276a
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-2ce"
x-frame-options
SAMEORIGIN
content-type
application/javascript
accept-ranges
bytes
content-length
718
disclaimer-C8T1LPow.css
jefferson.corestream.com/assets/
940 B
1 KB
Stylesheet
General
Full URL
https://jefferson.corestream.com/assets/disclaimer-C8T1LPow.css
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
c28d4a92e6c63f35e98ee6f03b9c9765236386a9e04e8bf57718d64a426b30d4
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-3ac"
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
940
index-BEradSLX.css
jefferson.corestream.com/assets/
6 KB
6 KB
Stylesheet
General
Full URL
https://jefferson.corestream.com/assets/index-BEradSLX.css
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/index-DjWMusk0.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.96.128.77 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
d049e99b08d22f48e87bf5f65814219c3946d518f1213e8f514d1b68b289b0ba
Security Headers
Name Value
X-Frame-Options SAMEORIGIN

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/?utm_source=MarketingCloud&utm_medium=Email&utm_campaign=ChangeOfAddress_EM2_Discounts&utm_content=Logo
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
last-modified
Thu, 16 May 2024 16:34:51 GMT
server
nginx
etag
"664635ab-1742"
x-frame-options
SAMEORIGIN
content-type
text/css
accept-ranges
bytes
content-length
5954
l
use.typekit.net/af/386e17/00000000000000003b9b4067/27/
26 KB
26 KB
Font
General
Full URL
https://use.typekit.net/af/386e17/00000000000000003b9b4067/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8dd865b3bbc383831fe2ea177f62257a9191&fvd=i4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/vcw7mfs.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:16::215:1495 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
a004dcb4d350ddfca670acf2a59ae33ccac60bf00bce356187b9f38c7e7d9f75

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://use.typekit.net/vcw7mfs.css
Origin
https://jefferson.corestream.com
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:04 GMT
server
nginx
etag
"d98c30ecfe71766352d68bed594d23ee31764440"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
26124
frame-modern.b31bfb87.js
js.intercomcdn.com/ Frame 7A7C
460 KB
138 KB
Script
General
Full URL
https://js.intercomcdn.com/frame-modern.b31bfb87.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/dz17m8b8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-31.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
96ddd4528a871e49f37f0935d7c1498d95d00498157c943e6ca91cd11274cf73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
VZf0m8o_ZVrgKUNlvrEeY6kEqcmQ9.Cz
content-encoding
gzip
via
1.1 e962a4214db0639b31056a5ae4bf22f4.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 17:28:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P4
age
6349
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
140888
last-modified
Fri, 24 May 2024 09:25:17 GMT
server
AmazonS3
etag
"f764b74ed9c9e14da6ac8a37af8ace74"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
GrTHlyNN_bFe8vJVrjBCECyVViGKlIf0EgxDNxiIbixXsSjbkTcJzg==
vendor-modern.84baedee.js
js.intercomcdn.com/ Frame 7A7C
492 KB
153 KB
Script
General
Full URL
https://js.intercomcdn.com/vendor-modern.84baedee.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/dz17m8b8
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.31 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-31.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
521bf0423a56c40d1ffeaf6f0a9fa1da940c487284307f85e995756670dab671
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
8Z00ZuCkCtS1DriRsxFdSi3YBU78Z24L
content-encoding
gzip
via
1.1 e962a4214db0639b31056a5ae4bf22f4.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 17:16:41 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
MUC50-P4
age
7044
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
155847
last-modified
Tue, 21 May 2024 13:59:18 GMT
server
AmazonS3
etag
"072df969182eb6d79f0cc08450299bf4"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
30I03KCjATsJk8fX-gV_XLWpevvWtE8IwspLtdDgxGO0ytfLdA429w==
track
dc.services.visualstudio.com/v2/ Frame
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.242 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Fri, 24 May 2024 19:14:04 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
200 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.242 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
72c2a06c2669cae49b25c84d20958a70abbc17d9e47e8ff7b64064beaf197710
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://jefferson.corestream.com/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Fri, 24 May 2024 19:14:04 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
track
dc.services.visualstudio.com/v2/ Frame
0
0
Preflight
General
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.242 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Fri, 24 May 2024 19:14:04 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/
96 B
154 B
XHR
General
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.50.88.242 Amsterdam, Netherlands, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
32ced94fc8e2bf0187864e9f0ba4488202f136694cf6656d8b1e1998576f3968
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
Sdk-Context
appId
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-type
application/json
Referer
https://jefferson.corestream.com/
sec-ch-ua-platform
"Win32"

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Fri, 24 May 2024 19:14:04 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
ping
api-iam.intercom.io/messenger/web/ Frame 7A7C
6 KB
3 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.b31bfb87.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.193.71.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-71-46.compute-1.amazonaws.com
Software
nginx /
Resource Hash
11a3940fab46a8f1551990d31c2cb73264995f0c1b40bdab602e9098df09b221
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 24 May 2024 19:14:05 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09a36a6c62f211f17
status
200 OK
x-xss-protection
1; mode=block
x-request-id
00059m31m2ug3n0qegqg
x-runtime
0.343510
server
nginx
etag
W/"11a3940fab46a8f1551990d31c2cb732"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://jefferson.corestream.com
x-intercom-version
beb912edc954b85d74a62220515684d58bdd3111
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
settings
cdn.segment.com/v1/projects/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/
2 KB
1 KB
Fetch
General
Full URL
https://cdn.segment.com/v1/projects/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/settings
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
58f5d549b1bafb7d4a738a80d6bd1606f8e1ac3de6a5cb4b3847e2b525ba4f83

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
fdwKM0lyIM6R3SFg6DIg7fDLz5SNwKUA
content-encoding
br
via
1.1 67393fa6b3a865c1a8252acac0aa5cbc.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 16:27:04 GMT
x-amz-cf-pop
MUC50-P2
age
10021
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 23 May 2024 12:00:41 GMT
server
AmazonS3
etag
W/"e82bb41736a11c234abd3a38f2b79320"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
OnwptD0jCKlC8YLCpKU3J90YZXFhSrdF7BBcNqKgBqyaB6yHgmwXTQ==
ajs-destination.bundle.ed53a26b6edc80c65d73.js
cdn.segment.com/analytics-next/bundles/
9 KB
3 KB
Script
General
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 15 Apr 2024 15:05:40 GMT
x-amz-version-id
1lCjHefPzcRt0EbQDFkkb.6FnzhNuKxa
content-encoding
br
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3384505
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Fri, 12 Apr 2024 21:39:45 GMT
server
AmazonS3
etag
W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
DD3HD_CLxfSLCZ7ot2jJgSbtaBkOQC4-y5cmkqMmlwVYYH5hWLf20g==
schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
cdn.segment.com/analytics-next/bundles/
2 KB
1 KB
Script
General
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 16 Apr 2024 16:24:37 GMT
x-amz-version-id
i8eJzKMOguCG9cQHRcJAi9UvbY1AN1iu
content-encoding
br
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3293369
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Tue, 16 Apr 2024 01:11:24 GMT
server
AmazonS3
etag
W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
Sd6ljQ5Rwb8qFfEgImAZwSgGMYddXV98LGgDHwiSHrqjxWsnb5HCOQ==
a16cf88658c18bbddb93.js
cdn.segment.com/next-integrations/actions/algolia-plugins/
4 KB
2 KB
Script
General
Full URL
https://cdn.segment.com/next-integrations/actions/algolia-plugins/a16cf88658c18bbddb93.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2f762434dfe5d77cd2e04f3189fd7d6758c6359d771bafaa0f1e88f23ed3334e

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
HLDr1ufrHHDqqiTA8uvaBavrcavEK8Zg
content-encoding
br
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 10:44:48 GMT
x-amz-cf-pop
MUC50-P2
age
30583
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 22 May 2024 10:13:37 GMT
server
AmazonS3
etag
W/"f3fbbbc7de87a29ad7b89f52e377596d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
WkKMC7yX40-RGXgDrN-RmgUOlMSJ2ZT9deRWePgydOB4MNNodMrRdw==
f2b65540f91528301bda.js
cdn.segment.com/next-integrations/actions/845/
26 KB
9 KB
Script
General
Full URL
https://cdn.segment.com/next-integrations/actions/845/f2b65540f91528301bda.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/actions/algolia-plugins/a16cf88658c18bbddb93.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e5eaa930a247f99415a6c4955d96dbba2cd93a3dc92b5f8d3ad5334a8526d807

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
nIDy5slC9Qwp0UsYPEb8mzCwLdWdALMa
content-encoding
gzip
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
date
Fri, 24 May 2024 10:45:21 GMT
x-amz-cf-pop
MUC50-P2
age
30589
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
last-modified
Wed, 22 May 2024 10:13:36 GMT
server
AmazonS3
etag
W/"c99d6fae088cd5d0a0063eaa0d0d714f"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
vary
Accept-Encoding
x-amz-cf-id
BxO3tqkH5KPp6eW4pGV5UPFFS-fTaOgGQ2nnWjz6FtamhzqlTGY32w==
google-analytics.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/
16 KB
5 KB
Script
General
Full URL
https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 07 May 2024 17:45:37 GMT
content-encoding
gzip
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
x-amz-version-id
UrcbvrdkWvVeM88a5LbnIeGLbGs5UNca
x-amz-cf-pop
MUC50-P2
age
1474109
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
4743
last-modified
Fri, 05 Apr 2024 16:42:47 GMT
server
AmazonS3
etag
"6a3ed21f9b6777c0c37e6e248ea22387"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
BZBCPnXRpnd19Rv4CIkqbtTzQTcp3eXp-tkkf3bTwOi8_lWi1BSJfg==
t
api.segment.io/v1/
21 B
180 B
Fetch
General
Full URL
https://api.segment.io/v1/t
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.223.74.168 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-34-223-74-168.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://jefferson.corestream.com
date
Fri, 24 May 2024 19:14:05 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
commons.a61d7bea37d2de5d4b69.js.gz
cdn.segment.com/next-integrations/integrations/vendor/
70 KB
22 KB
Script
General
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/fpJWnH4V4Dpkx6UAFiIJHIQ7fvzucMdE/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 05 Apr 2024 17:37:55 GMT
content-encoding
gzip
via
1.1 826a64379fff05f157845c418fee53d2.cloudfront.net (CloudFront)
x-amz-version-id
1Y99HfuTczPsGIDdcPhw1L1EusEviR19
x-amz-cf-pop
MUC50-P2
age
4239371
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
21911
last-modified
Fri, 05 Apr 2024 16:42:46 GMT
server
AmazonS3
etag
"c467a63b2e7c3a99be423ace649014d8"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
NXy2ivyoxq1_Jj_QofWeLqfDDEN01Qluj05M83R3xmHLlgvtwHqPRw==
analytics.js
www.google-analytics.com/
52 KB
21 KB
Script
General
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Fri, 24 May 2024 18:29:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
2697
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Fri, 24 May 2024 20:29:08 GMT
ping
api-iam.intercom.io/messenger/web/ Frame 7A7C
6 KB
3 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.b31bfb87.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.193.71.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-71-46.compute-1.amazonaws.com
Software
nginx /
Resource Hash
7a3e95d661b8f8496c28bc54b0580fbb5ba6f83602a032d969edc102b1a517ec
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 24 May 2024 19:14:05 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09a36a6c62f211f17
status
200 OK
x-xss-protection
1; mode=block
x-request-id
00059m6nq6ri8ohtmbc0
x-runtime
0.226831
server
nginx
etag
W/"7a3e95d661b8f8496c28bc54b0580fbb"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://jefferson.corestream.com
x-intercom-version
beb912edc954b85d74a62220515684d58bdd3111
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
linkid.js
www.google-analytics.com/plugins/ua/
2 KB
1 KB
Script
General
Full URL
https://www.google-analytics.com/plugins/ua/linkid.js
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 18:15:13 GMT
content-encoding
br
x-content-type-options
nosniff
age
3532
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
697
x-xss-protection
0
last-modified
Fri, 30 Jun 2023 18:58:00 GMT
server
sffe
vary
Accept-Encoding
report-to
{"group":"static-on-bigtable","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/static-on-bigtable"}]}
content-type
text/javascript
cache-control
public, max-age=3600
accept-ranges
bytes
cross-origin-opener-policy-report-only
same-origin; report-to="static-on-bigtable"
expires
Fri, 24 May 2024 19:15:13 GMT
collect
www.google-analytics.com/j/
15 B
35 B
XHR
General
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=2032871451&t=event&ni=0&_s=1&dl=https%3A%2F%2Fjefferson.corestream.com%2F%3Futm_source%3DMarketingCloud%26utm_medium%3DEmail%26utm_campaign%3DChangeOfAddress_EM2_Discounts%26utm_content%3DLogo&ul=de-de&de=UTF-8&dt=Home%20%7C%20Jefferson%20Benefits%20Plus&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&cn=ChangeOfAddress_EM2_Discounts&cs=MarketingCloud&cm=Email&cc=Logo&ec=All&ea=event&ev=0&_u=KGBAgEAjAAAAACAAIAB~&jid=1215481175&gjid=1295708082&cid=1792021892.1716578046&tid=UA-168453032-4&_gid=504272113.1716578046&_slc=1&z=1380450985
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:803::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
938598c6fe839be639d8dfddbb20957afdc95ff0eef5ba3477f8a61f22f7280d
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Fri, 24 May 2024 19:14:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://jefferson.corestream.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
15
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/
1 B
352 B
XHR
General
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-168453032-4&cid=1792021892.1716578046&jid=1215481175&gjid=1295708082&_gid=504272113.1716578046&_u=KGBAgEAjAAAAAGAAIAB~&z=947753082
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c06::9d Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
date
Fri, 24 May 2024 19:14:05 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://jefferson.corestream.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1
expires
Fri, 01 Jan 1990 00:00:00 GMT
ping
api-iam.intercom.io/messenger/web/ Frame 7A7C
6 KB
3 KB
XHR
General
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.b31bfb87.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
44.193.71.46 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-44-193-71-46.compute-1.amazonaws.com
Software
nginx /
Resource Hash
95e5b92758260294eb55352063c394dc65f3c8a58d50e05f870390d2957c1386
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
sec-ch-ua-platform
"Win32"
Referer
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 24 May 2024 19:14:06 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-09a36a6c62f211f17
status
200 OK
x-xss-protection
1; mode=block
x-request-id
0004donls7po1l9fn410
x-runtime
0.289263
server
nginx
etag
W/"95e5b92758260294eb55352063c394dc"
x-request-queueing
0
vary
Accept,Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://jefferson.corestream.com
x-intercom-version
beb912edc954b85d74a62220515684d58bdd3111
access-control-expose-headers
x-request-id
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-frame-options
SAMEORIGIN
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
js
www.googletagmanager.com/gtag/
276 KB
96 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-S8ZW193L27&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
9e12c9a9398d985f36094e4e65123ef4a973d68e0b5712acc7027a8160ef6cd6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:05 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
97656
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Fri, 24 May 2024 19:14:05 GMT
5f072772b5b1880b7229eb3e
events.launchdarkly.com/events/bulk/ Frame
0
0
Preflight
General
Full URL
https://events.launchdarkly.com/events/bulk/5f072772b5b1880b7229eb3e
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.208.84.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-208-84-168.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Fri, 24 May 2024 19:14:05 GMT
strict-transport-security
max-age=31536000; includeSubDomains
5f072772b5b1880b7229eb3e
events.launchdarkly.com/events/bulk/
0
358 B
XHR
General
Full URL
https://events.launchdarkly.com/events/bulk/5f072772b5b1880b7229eb3e
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
54.208.84.168 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-208-84-168.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
X-LaunchDarkly-Payload-ID
ca109ab0-1a01-11ef-8cc9-4d1bf526066d
X-LaunchDarkly-Event-Schema
4
Accept-Language
de-DE,de;q=0.9;q=0.9
X-LaunchDarkly-User-Agent
JSClient/3.2.0
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
Content-Type
application/json
Referer
https://jefferson.corestream.com/
X-LaunchDarkly-Wrapper
react-client-sdk/3.1.0
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
collect
region1.google-analytics.com/g/
0
251 B
Ping
General
Full URL
https://region1.google-analytics.com/g/collect?v=2&tid=G-S8ZW193L27&gtm=45je45m0v9135707294za200&_p=1716578045853&gcd=13l3l3l2l2&npa=0&dma_cps=sypham&dma=1&ul=de-de&sr=1600x1200&cid=1792021892.1716578046&ir=1&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B125.0.6422.112%7CChromium%3B125.0.6422.112%7CNot.A%252FBrand%3B24.0.0.0&uamb=0&uam=&uap=Win32&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fjefferson.corestream.com%2F%3Futm_source%3DMarketingCloud%26utm_medium%3DEmail%26utm_campaign%3DChangeOfAddress_EM2_Discounts%26utm_content%3DLogo&dt=Home%20%7C%20Jefferson%20Benefits%20Plus&cn=ChangeOfAddress_EM2_Discounts&cs=MarketingCloud&cm=Email&cc=Logo&sid=1716578046&sct=1&seg=0&en=event&_fv=1&_ss=1&_ee=1&ep.event_category=All&ep.value=0&tfd=5302
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-S8ZW193L27&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Fri, 24 May 2024 19:14:06 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://jefferson.corestream.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
i
r.logr-ingest.com/ Frame
0
0
Preflight
General
Full URL
https://r.logr-ingest.com/i?a=rnree3%2Fcs-prod&r=5-d30af9c0-8925-4006-899f-49425067db62&t=0be83d93-9376-499a-bb30-3a04bdf9bc1c&s=0&rs=0%2Cu&u=c0c9bc20-4b2a-4cb9-9445-3d8eb588b5da&is=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.23.205 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
205.23.198.104.bc.googleusercontent.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept
*/*
Access-Control-Request-Headers
x-logrocket-relay-version
Access-Control-Request-Method
POST
Origin
https://jefferson.corestream.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
content-length
0
date
Fri, 24 May 2024 19:14:06 GMT
strict-transport-security
max-age=31536000; includeSubDomains
i
r.logr-ingest.com/
14 KB
15 KB
XHR
General
Full URL
https://r.logr-ingest.com/i?a=rnree3%2Fcs-prod&r=5-d30af9c0-8925-4006-899f-49425067db62&t=0be83d93-9376-499a-bb30-3a04bdf9bc1c&s=0&rs=0%2Cu&u=c0c9bc20-4b2a-4cb9-9445-3d8eb588b5da&is=1
Requested by
Host: jefferson.corestream.com
URL: https://jefferson.corestream.com/assets/@microsoft-DLRaN0GO.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.198.23.205 Council Bluffs, United States, ASN15169 (GOOGLE, US),
Reverse DNS
205.23.198.104.bc.googleusercontent.com
Software
/ Express
Resource Hash
f5f40baa2b253c1f1316b651550c8c8046075fe80f9d1bd06cfcab38f792cda2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="125", "Not:A-Brand";v="8", "Chromium";v="125"
Referer
https://jefferson.corestream.com/
X-LogRocket-Relay-Version
2023.12.0
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/125.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 24 May 2024 19:14:08 GMT
strict-transport-security
max-age=31536000; includeSubDomains
etag
W/"38f0-a3/pNqYJqZWaumqogVrkOiJvyZ4"
x-powered-by
Express
access-control-max-age
1728000
access-control-allow-methods
GET, PUT, POST, DELETE, PATCH, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-allow-credentials
true
access-control-allow-headers
DNT,Keep-Alive,User-Agent,X-Requested-With,X-Csrftoken,If-Modified-Since,Cache-Control,Content-Type,Authorization,Accept,Origin,X-Logrocket-Url,X-Logrocket-Ignore,X-Logrocket-Secret,X-LogRocket-Relay-Version
content-length
14576

Verdicts & Comments Add Verdict or Comment

40 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| __tsUtils$gblCfg object| __dynProto$Gbl function| _lrMutationObserver function| _lr_surl_cb object| __SDKCONFIG__ string| __reactRouterVersion number| 2f1acc6c3a606b082e5eef5e54414ffb function| Upscope string| scriptUrl object| regeneratorRuntime function| _LRLogger boolean| _lr_loaded boolean| __upscopeIdleManagerActive function| Intercom object| analytics function| _lrXMLHttpRequest object| intercomSettings function| __intercomAssignLocation function| __intercomReloadLocation object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| webpackChunkDestination function| algolia-pluginsDestination object| google-analyticsDeps function| google-analyticsLoader object| webpackJsonp_name_Integration function| setImmediate function| clearImmediate function| google-analyticsIntegration string| GoogleAnalyticsObject function| ga object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer object| google_tag_manager

19 Cookies

Domain/Path Name / Value
jeffersonbenefitsplus.com/ Name: ApplicationGatewayAffinityCORS
Value: 1e4e4d484d830c42477f155fdfd09475
jeffersonbenefitsplus.com/ Name: ApplicationGatewayAffinity
Value: 1e4e4d484d830c42477f155fdfd09475
jefferson.corestream.com/ Name: ApplicationGatewayAffinityCORS
Value: b4a0f805849ef0b7cf33b84e1c2edfc2
jefferson.corestream.com/ Name: ApplicationGatewayAffinity
Value: b4a0f805849ef0b7cf33b84e1c2edfc2
jefferson.corestream.com/ Name: ai_user
Value: X2HoKvKjW2TKIrir5TN60D|2024-05-24T19:14:03.232Z
.corestream.com/ Name: _upscope__region
Value: ImV1LWNlbnRyYWwi
.corestream.com/ Name: _upscope__shortId
Value: IlpLRUpSRVhEUDExRU5NSERLIg==
jefferson.corestream.com/ Name: ai_session
Value: nf9bud2MhhiP/s494TWgBr|1716578043938|1716578043938
jefferson.corestream.com/ Name: _lr_tabs_-rnree3%2Fcs-prod
Value: {%22sessionID%22:0%2C%22recordingID%22:%225-d30af9c0-8925-4006-899f-49425067db62%22%2C%22webViewID%22:null%2C%22lastActivity%22:1716578044088}
jefferson.corestream.com/ Name: _lr_hb_-rnree3%2Fcs-prod
Value: {%22heartbeat%22:1716578044088}
jefferson.corestream.com/ Name: _lr_uf_-rnree3
Value: e5a1fc1c-5555-43e7-82c6-e8fb81c3193d
.corestream.com/ Name: ajs_anonymous_id
Value: ac3cc1ff-eebf-466b-9e72-0528360481f7
.corestream.com/ Name: intercom-id-dz17m8b8
Value: d98eb864-4b1c-4180-a6f2-44242698a2c5
.corestream.com/ Name: intercom-session-dz17m8b8
Value:
.corestream.com/ Name: intercom-device-id-dz17m8b8
Value: 1ab77f46-bfbd-4ddf-ad8d-a2711c748074
.corestream.com/ Name: _ga
Value: GA1.2.1792021892.1716578046
.corestream.com/ Name: _gid
Value: GA1.2.504272113.1716578046
.corestream.com/ Name: _gat
Value: 1
.corestream.com/ Name: _ga_S8ZW193L27
Value: GS1.2.1716578046.1.0.1716578046.0.0.0

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.segment.io
app.launchdarkly.com
cdn.logr-ingest.com
cdn.segment.com
cdn2.corestream.com
click.relay.corestream.com
clientstream.launchdarkly.com
code.upscope.io
dc.services.visualstudio.com
events.launchdarkly.com
jefferson.corestream.com
jeffersonbenefitsplus.com
js.intercomcdn.com
js.upscope.io
p.typekit.net
r.logr-ingest.com
region1.google-analytics.com
stats.g.doubleclick.net
tenants.corestream.com
tkm2y5kpcd-dsn.algolia.net
use.typekit.net
widget.intercom.io
www.google-analytics.com
www.googletagmanager.com
104.198.23.205
108.138.32.174
13.111.234.83
13.248.151.210
151.101.66.217
18.173.187.118
18.173.187.31
18.66.192.110
20.221.116.71
20.236.236.165
20.50.88.242
20.96.128.77
2001:4860:4802:34::36
23.92.179.154
2606:2800:233:1cb7:261b:1f9c:2074:3c
2a00:1450:4001:803::200e
2a00:1450:4001:82f::2008
2a00:1450:400c:c06::9d
2a02:26f0:3500:16::215:1495
2a06:98c1:3120::3
34.223.74.168
44.193.71.46
54.208.84.168
54.230.228.26
04102e04f95813a3168efedb2581cf4182554069695e3e186a09030cf4d1af5b
09d305a5a1c4756015b5b0c509dcc3f121a6e9a754a92ed5bacbb5a60899d411
0baa214182463c1c56ee98298c8d4eea99863b89b26828ac25503bf7fd19d7be
0e215e6effd1d2708e752cf070dbe733c222d68f0c4400115c183cd66fb5ce01
11a3940fab46a8f1551990d31c2cb73264995f0c1b40bdab602e9098df09b221
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1ba951fe754b64c51f2e4283dcd44934fe81e5ed72bce5ea0118027ea11f84b7
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
209416544415cf580f3b6a193c70b1b891d52e15271534b12015ef1d31e2e97a
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
2ed7acec3a242f1f1caad54196b11e504360687e784c4279f3c00bd07636d039
2f762434dfe5d77cd2e04f3189fd7d6758c6359d771bafaa0f1e88f23ed3334e
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
32833f37ed7f06075aa1c4f4541c8bdfeb0b0be937c3c80f3840d6001f26ee1a
32ced94fc8e2bf0187864e9f0ba4488202f136694cf6656d8b1e1998576f3968
44b03412a6da72789f5f88a9c98eaf4ca6158acf37deda292cb4469445fa238b
4c0490b471dbb929d65f43aff1d7b44502c8f3e71631a49ff852cd73dccd7c41
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
50aad1f2329e9ff038917effb5a458f239692889e1a4f739e455b4d5a2e19b58
521bf0423a56c40d1ffeaf6f0a9fa1da940c487284307f85e995756670dab671
554e4ab9d23ef513d5518f62f001424eaeecb5b3648f970c4983e54b4418fec2
558b20a5e3223a9bd9377a2a3cf50a33811e6fcdf9655ef18c031fabde437f9f
58f5d549b1bafb7d4a738a80d6bd1606f8e1ac3de6a5cb4b3847e2b525ba4f83
5af015e2f958f4547f04b1f0e4756a9cf26b08cdddbdb1f728ed76259c17e5b3
60ad6dfedbaa3202e5fb388be7d11e29c257747f87bf0856e9d7364bc495f92a
66c251780f7c05e8b043b829201be5734aed164247be2a8650f00340c1599513
69941568ec6f1d5f72ff335bc23ebfa5572d69411cf1e5654c87fa510c0b4848
6a3850fdf673951b3a4b87913aaa2e87da18ea90052eab46b08f22f3b3ffd58d
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
7222c6fbafc2b2de06f2466c4323b8f55750e6382adf9c946322d1b32473276a
72c2a06c2669cae49b25c84d20958a70abbc17d9e47e8ff7b64064beaf197710
792effa00ed9bc424574a5680e1ad74a78456c774e786d25cbeceb5f8ebf2f26
7a3e95d661b8f8496c28bc54b0580fbb5ba6f83602a032d969edc102b1a517ec
7a6f5f3c8c1eb49a2380db93285012fffda9934701833d5a4e7b07af99ae8dae
86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff
8a11ac96a286a1280374122a557d20824c78c7fa986e0933a87211595c02a1d0
8b1d95f9d6c4cec1109de279b06c9e1c0d7e1a9cac4e47a386a982d290d7e856
90beeaab482d473308e41d89d512b6eef2eb3c9804a9b991105041d76daf6ba4
92fca55833f48b4289ac8f1cedd48752b580fce4ec4b5d81670b8193d6e51b54
938598c6fe839be639d8dfddbb20957afdc95ff0eef5ba3477f8a61f22f7280d
93fdb4a2f36b27693196fee8be314c55dc35f5e12924cc2bb8ed8911c1e45431
95e5b92758260294eb55352063c394dc65f3c8a58d50e05f870390d2957c1386
96ddd4528a871e49f37f0935d7c1498d95d00498157c943e6ca91cd11274cf73
98331fecb568cf260e6f101d1b52783ad70d626821b1ec43a4bb4d888a925490
9e12c9a9398d985f36094e4e65123ef4a973d68e0b5712acc7027a8160ef6cd6
9f24e3e3efe64751bb86222c5cfac583242700c509a97420853ce6c8110e4d17
a004dcb4d350ddfca670acf2a59ae33ccac60bf00bce356187b9f38c7e7d9f75
aa2c61d202e09e5e99610fed467ee88d18da9225fe9bd976e316eeb740dc7d91
ab0d91e2c7979bda3f68fb66477a511a28bc4ecce92b9c9e539e0feef8acabfa
b2b59182340acaeb14a32c11dd79b37e2c4ffde47a997d22c0e0f7f6f2d3bad0
b37992185be892f4f70f02e650eb18d2eb89f80c4a951c6cf5b71cf91354e32f
bdd9ae5b26ebce443a73fc7b4ecf583880e3bc0bce6e4e3fb8aa16c71b65025f
c28d4a92e6c63f35e98ee6f03b9c9765236386a9e04e8bf57718d64a426b30d4
c5080f08d0cd17c1804e57c50f215296d5a922fe4d3446068292ab279f505d37
c5156bb27be841d932acc56dedf4b67659fd843a33ae5e8291e112041566370d
cc645a5713972cc4888b5a1b5b062c654a4e32752b20f831e00bf10b089bbbb3
d049e99b08d22f48e87bf5f65814219c3946d518f1213e8f514d1b68b289b0ba
d489b866f669f2f15392d5cdce4b6e23f9e66fd7e0f38155510282f5e68c8ec2
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e17e331501b6bc63de0c23d0149646f8a611e10dd805c75893483e82515252e7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e49ad450c05a4ead76a4d4b61e09018c606f15362d80e75ad122dee5efc8f908
e5eaa930a247f99415a6c4955d96dbba2cd93a3dc92b5f8d3ad5334a8526d807
f16d3800d47aceeafb3c4ad1be1ae9269ed13478369a9927323009a577a384dd
f5e1c0282c906cab0e9d2ae07c36fac0f305b02877941dbcd7a745cb72019778
f5f40baa2b253c1f1316b651550c8c8046075fe80f9d1bd06cfcab38f792cda2