urlscan.io logo urlscan.io
SecurityTrails logo

www.biltrewards.com Open in urlscan Pro
34.117.79.164  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://connect.wellsfargoemail.com/a/hBij9xFB8IXCZB96lqFN0N0vwdD/biltrew
Effective URL: https://www.biltrewards.com/
Submission: On May 27 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 24 IPs in 4 countries across 21 domains to perform 171 HTTP transactions. The main IP is 34.117.79.164, located in Kansas City, United States and belongs to GOOGLE-CLOUD-PLATFORM, US. The main domain is www.biltrewards.com. The Cisco Umbrella rank of the primary domain is 692399.
TLS certificate: Issued by GTS CA 1D4 on May 7th 2022. Valid for: 3 months.
This is the only time www.biltrewards.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 67.134.222.209 53316 (ASN-CHEET...)
104 34.117.79.164 396982 (GOOGLE-CL...)
3 2a00:1450:400... 15169 (GOOGLE)
6 151.101.194.217 54113 (FASTLY)
9 143.204.103.41 16509 (AMAZON-02)
9 104.18.72.113 13335 (CLOUDFLAR...)
1 143.204.98.80 16509 (AMAZON-02)
2 143.204.98.86 16509 (AMAZON-02)
1 143.204.98.23 16509 (AMAZON-02)
1 5 2a00:1450:400... 15169 (GOOGLE)
2 54.170.56.53 16509 (AMAZON-02)
2 13.248.151.210 16509 (AMAZON-02)
1 34.120.195.249 396982 (GOOGLE-CL...)
4 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
4 104.16.53.111 13335 (CLOUDFLAR...)
4 52.72.173.19 14618 (AMAZON-AES)
1 35.201.112.186 15169 (GOOGLE)
3 2a03:2880:f02... 32934 (FACEBOOK)
2 142.250.185.66 15169 (GOOGLE)
1 52.37.21.144 16509 (AMAZON-02)
1 35.186.194.58 15169 (GOOGLE)
2 2a03:2880:f12... 32934 (FACEBOOK)
1 2 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
171 24
1    67.134.222.209 (Revere, United States)

ASN53316 (ASN-CHEETA-MAIL, US)
connect.wellsfargoemail.com
104    34.117.79.164 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 164.79.117.34.bc.googleusercontent.com
www.biltrewards.com
3    2a00:1450:4001:80e::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
6    151.101.194.217 (United States)

ASN54113 (FASTLY, US)
app.launchdarkly.com
9    143.204.103.41 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-103-41.fra50.r.cloudfront.net
cdn.segment.com
9    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
ekr.zdassets.com
1    143.204.98.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-80.fra50.r.cloudfront.net
cdn.deviceinf.com
2    143.204.98.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-86.fra50.r.cloudfront.net
cdn.plaid.com
1    143.204.98.23 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-143-204-98-23.fra50.r.cloudfront.net
global.oktacdn.com
5    2a00:1450:4001:827::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.com
2    54.170.56.53 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-170-56-53.eu-west-1.compute.amazonaws.com
vitals.vercel-insights.com
2    13.248.151.210 (United States)

ASN16509 (AMAZON-02, US)
PTR: a1370dc23e25e46ce.awsglobalaccelerator.com
clientstream.launchdarkly.com
1    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o441793.ingest.sentry.io
4    2a00:1450:4001:828::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.gstatic.com
2    2a00:1450:4001:80f::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
4    104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)
biltrewards.zendesk.com
4    52.72.173.19 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-72-173-19.compute-1.amazonaws.com
events.launchdarkly.com
1    35.201.112.186 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
3    2a03:2880:f02d:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
www.googleadservices.com
1    52.37.21.144 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-37-21-144.us-west-2.compute.amazonaws.com
api.segment.io
1    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
2    2a03:2880:f12d:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    2a00:1450:4001:80e::2002 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
googleads.g.doubleclick.net
2    2a00:1450:4001:803::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.de
Apex Domain
Subdomains		 Transfer
104 biltrewards.com
www.biltrewards.com — Cisco Umbrella Rank: 692399
2 MB
12 launchdarkly.com
app.launchdarkly.com — Cisco Umbrella Rank: 1909
clientstream.launchdarkly.com — Cisco Umbrella Rank: 1624
events.launchdarkly.com — Cisco Umbrella Rank: 1477
2 KB
9 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 1902
ekr.zdassets.com — Cisco Umbrella Rank: 2180
435 KB
9 segment.com
cdn.segment.com — Cisco Umbrella Rank: 1444
67 KB
6 gstatic.com
www.gstatic.com
fonts.gstatic.com
346 KB
5 google.com
www.google.com — Cisco Umbrella Rank: 2
23 KB
4 zendesk.com
biltrewards.zendesk.com
2 KB
3 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 144
134 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
108 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 6117
612 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 40
2 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
388 B
2 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 114
16 KB
2 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2364
rs.fullstory.com — Cisco Umbrella Rank: 2068
72 KB
2 vercel-insights.com
vitals.vercel-insights.com — Cisco Umbrella Rank: 14189
267 B
2 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 15269
73 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1006
177 B
1 sentry.io
o441793.ingest.sentry.io
280 B
1 oktacdn.com
global.oktacdn.com — Cisco Umbrella Rank: 14307
214 KB
1 deviceinf.com
cdn.deviceinf.com
109 KB
1 wellsfargoemail.com
connect.wellsfargoemail.com — Cisco Umbrella Rank: 112101
545 B
171 21
Domain Requested by
104 www.biltrewards.com www.biltrewards.com
9 cdn.segment.com www.biltrewards.com
cdn.segment.com
8 static.zdassets.com www.biltrewards.com
static.zdassets.com
6 app.launchdarkly.com www.biltrewards.com
5 www.google.com 1 redirects www.biltrewards.com
www.gstatic.com
www.google.com
4 events.launchdarkly.com www.biltrewards.com
4 biltrewards.zendesk.com static.zdassets.com
4 www.gstatic.com www.google.com
www.gstatic.com
3 connect.facebook.net cdn.segment.com
connect.facebook.net
3 www.googletagmanager.com www.biltrewards.com
www.googletagmanager.com
2 www.google.de
2 googleads.g.doubleclick.net 1 redirects www.googleadservices.com
2 www.facebook.com
2 www.googleadservices.com cdn.segment.com
www.googleadservices.com
2 fonts.gstatic.com www.google.com
2 clientstream.launchdarkly.com www.biltrewards.com
2 vitals.vercel-insights.com www.biltrewards.com
2 cdn.plaid.com www.biltrewards.com
cdn.plaid.com
1 rs.fullstory.com www.biltrewards.com
1 api.segment.io www.biltrewards.com
1 edge.fullstory.com cdn.segment.com
1 ekr.zdassets.com www.biltrewards.com
1 o441793.ingest.sentry.io www.biltrewards.com
1 global.oktacdn.com www.biltrewards.com
1 cdn.deviceinf.com www.biltrewards.com
1 connect.wellsfargoemail.com 1 redirects
171 26
Subject Issuer Validity Valid
www.biltrewards.com
GTS CA 1D4		 2022-05-07 -
2022-08-05		 3 months crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
app.launchdarkly.com
GlobalSign Atlas R3 DV TLS CA H2 2021		 2021-12-24 -
2023-01-25		 a year crt.sh
*.segment.com
Amazon		 2022-01-12 -
2023-02-10		 a year crt.sh
ssl1036557.cloudflaressl.com
COMODO ECC Domain Validation Secure Server CA 2		 2021-07-08 -
2022-07-07		 a year crt.sh
*.deviceinf.com
Amazon		 2021-07-03 -
2022-08-01		 a year crt.sh
secure.plaid.com
DigiCert SHA2 Extended Validation Server CA		 2022-03-08 -
2023-04-08		 a year crt.sh
*.oktacdn.com
DigiCert TLS RSA SHA256 2020 CA1		 2021-12-22 -
2023-01-22		 a year crt.sh
www.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
vercel-insights.com
Amazon		 2021-10-24 -
2022-11-21		 a year crt.sh
clientstream.launchdarkly.com
Amazon		 2021-09-21 -
2022-10-19		 a year crt.sh
*.ingest.sentry.io
R3		 2022-04-22 -
2022-07-21		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.google.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
biltrewards.zendesk.com
Cloudflare Inc ECC CA-3		 2022-03-07 -
2023-03-06		 a year crt.sh
events.launchdarkly.com
Amazon		 2021-09-19 -
2022-10-17		 a year crt.sh
edge.fullstory.com
GTS CA 1D4		 2022-04-13 -
2022-07-12		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2022-03-06 -
2022-06-04		 3 months crt.sh
www.googleadservices.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
*.fullstory.com
R3		 2022-04-15 -
2022-07-14		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh
www.google.de
GTS CA 1C3		 2022-05-04 -
2022-07-27		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://www.biltrewards.com/
Frame ID: 29B780AA086A07A42A6B673C92D9A667
Requests: 147 HTTP requests in this frame

Frame: https://www.googletagmanager.com/ns.html?id=GTM-5KZTNLX
Frame ID: 2B1986292F1EB6375A877F244A47BEC7
Requests: 1 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Frame ID: 17C7DAF800E11B543F6925F3A53416CC
Requests: 7 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Frame ID: 73F3602530A77E8F87CA8924D8EE2CD2
Requests: 11 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Bilt Rewards - Earn Points on Rent

Page URL History Show full URLs

  1. https://connect.wellsfargoemail.com/a/hBij9xFB8IXCZB96lqFN0N0vwdD/biltrew HTTP 307
    https://www.biltrewards.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

171
Requests

99 %
HTTPS

32 %
IPv6

21
Domains

26
Subdomains

24
IPs

4
Countries

3846 kB
Transfer

8179 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://connect.wellsfargoemail.com/a/hBij9xFB8IXCZB96lqFN0N0vwdD/biltrew HTTP 307
    https://www.biltrewards.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 155
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&ocp_id=MA6RYrmxGdy9mLAPwPKZ4AM&sscte=1&crd= HTTP 302
  • https://www.google.com/pagead/1p-conversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MA6RYrmxGdy9mLAPwPKZ4AM&random=679657592&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MA6RYrmxGdy9mLAPwPKZ4AM&random=679657592&resp=GooglemKTybQhCsO&ipr=y&prhg=0

171 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.biltrewards.com/
Redirect Chain
  • https://connect.wellsfargoemail.com/a/hBij9xFB8IXCZB96lqFN0N0vwdD/biltrew
  • https://www.biltrewards.com/
108 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
003ec990945c225e708f129189e2a29c69f32c713ef41c0d8896fe64b4c70e06
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

access-control-allow-origin
*
age
5657
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
public, max-age=0, must-revalidate
content-disposition
inline; filename="index"
content-encoding
br
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
content-type
text/html; charset=utf-8
date
Fri, 27 May 2022 17:45:18 GMT
etag
W/"003ec990945c225e708f129189e2a29c69f32c713ef41c0d8896fe64b4c70e06"
referrer-policy
origin
server
Vercel
strict-transport-security
max-age=63072000; includeSubDomains; preload
via
1.1 google
x-content-type-options
nosniff
x-matched-path
/
x-vercel-cache
HIT
x-vercel-id
fra1:fra1::jgsmw-1653673518553-54fac86b0701
x-xss-protection
1; mode=block

Redirect headers

Cache-Control
no-cache="set-cookie", private, no-cache
Connection
close
Content-Length
238
Content-Type
text/html; charset=iso-8859-1
Date
Fri, 27 May 2022 17:45:18 GMT
Expires
Sun, 06 Nov 1994 08:49:37 GMT
Location
https://www.biltrewards.com/
P3P
policyref="/w3c/p3p.xml",CP="NON DSP COR CURo ADMo DEVo TAIo IVAo IVDo OUR DELo IND UNI NAV"
Server
Apache
char-_qmark.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-_qmark.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
4ee6dbbb7f5b8dc7e29c106798a7fa5da63ef19e59ba11e2254890284c62e7c4
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-_qmark.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1600
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-_qmark.png
etag
W/"4ee6dbbb7f5b8dc7e29c106798a7fa5da63ef19e59ba11e2254890284c62e7c4"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::s5bhn-1653673518587-3900e1a443dd
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-A.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-A.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
672950f42176b6f7449e2ea52f227bf075dbbdc1c5810c3ea3db997f618f97fc
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-A.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2329
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-A.png
etag
W/"672950f42176b6f7449e2ea52f227bf075dbbdc1c5810c3ea3db997f618f97fc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::v7f9l-1653673518584-ae99b6052f46
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-B.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-B.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
6e65f53664b79dc2745bb7693e3be591e57bc088552ccf635590eeeef672b468
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552634
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-B.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1738
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-B.png
etag
W/"6e65f53664b79dc2745bb7693e3be591e57bc088552ccf635590eeeef672b468"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518612-c6ac5bc03e26
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-C.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-C.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b3145b1cafac206bdd06e995741370b382451f97e4a2b26595739b9016be3538
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-C.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2161
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-C.png
etag
W/"b3145b1cafac206bdd06e995741370b382451f97e4a2b26595739b9016be3538"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::v7f9l-1653673518614-ec5fb50ffb1a
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-D.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-D.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9784b4e6fa053d66403311ec1ae59678aabde9f8e40627783c594786efda06a2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-D.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1514
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-D.png
etag
W/"9784b4e6fa053d66403311ec1ae59678aabde9f8e40627783c594786efda06a2"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::t2bp2-1653673518616-096963c9916b
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-E.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		895 B
923 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-E.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9db627bc2100de400684a732411c3ab0fb507137fb7054dfa90b898e160d4214
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-E.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
895
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-E.png
etag
W/"9db627bc2100de400684a732411c3ab0fb507137fb7054dfa90b898e160d4214"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::7fqvs-1653673518616-2d7a6620cdd5
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-F.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		883 B
914 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-F.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
06173114f8547f922ebce6cbda216ecb02989aac0d0f21cd3f3a0f1191b312bd
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-F.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
883
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-F.png
etag
W/"06173114f8547f922ebce6cbda216ecb02989aac0d0f21cd3f3a0f1191b312bd"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518617-edc069a1a0cf
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-G.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-G.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
07e9810ecf8bf51b42ef9841b947b920ee45185f016f5564b5bfd6f3e4d5ab97
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-G.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2157
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-G.png
etag
W/"07e9810ecf8bf51b42ef9841b947b920ee45185f016f5564b5bfd6f3e4d5ab97"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::s7m24-1653673518614-e52c822ba527
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-H.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		877 B
905 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-H.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8fb95c7969fdc3f557910082655914b0409b020e39821b5eea8b074a2c4187b0
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-H.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
877
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-H.png
etag
W/"8fb95c7969fdc3f557910082655914b0409b020e39821b5eea8b074a2c4187b0"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::rrmbs-1653673518617-a24556f7a322
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-I.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		867 B
901 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-I.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
6609bd32ab3c76dd22515334496d60ef456a3a0c0dfe4561acb676d7707a7ea7
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-I.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
867
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-I.png
etag
W/"6609bd32ab3c76dd22515334496d60ef456a3a0c0dfe4561acb676d7707a7ea7"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518619-9fcfb1d4fc1d
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-J.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-J.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8b215a3e794574ac7688c0c845b07fc68d98bca0e8393fc6ce86a32a2d203f4d
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552634
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-J.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1499
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-J.png
etag
W/"8b215a3e794574ac7688c0c845b07fc68d98bca0e8393fc6ce86a32a2d203f4d"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::vltmc-1653673518618-6eab45a27ce9
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-K.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-K.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
5e65e8004e290b5a96965b9032f949a01bde556451aea27aaaedd4646ba377c7
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552634
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-K.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1968
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-K.png
etag
W/"5e65e8004e290b5a96965b9032f949a01bde556451aea27aaaedd4646ba377c7"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::v76cm-1653673518618-55080a3053fa
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-L.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		858 B
886 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-L.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
942cd06159f3f74a9d783c18842bc13de37f5f8e09c3c9df20ce80a75312cdcf
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13512002
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-L.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
858
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-L.png
etag
W/"942cd06159f3f74a9d783c18842bc13de37f5f8e09c3c9df20ce80a75312cdcf"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518618-1f643c81675f
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-M.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-M.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
bbf1cc51396e32d938a1703d7821cc2c7dfc3ae74cf9a982a12274f4d3dbaea0
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13535803
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-M.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1500
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-M.png
etag
W/"bbf1cc51396e32d938a1703d7821cc2c7dfc3ae74cf9a982a12274f4d3dbaea0"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::gwcqm-1653673518618-e4abdba074c8
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-N.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-N.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
ce232ec3e32c79734522045651917b9fc38b0dc093e4fca135cccc100da4e7e1
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-N.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1761
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-N.png
etag
W/"ce232ec3e32c79734522045651917b9fc38b0dc093e4fca135cccc100da4e7e1"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::g4xbd-1653673518617-2fe5cbb49190
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-O.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-O.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
38d63d51bd498a15784e1c0774cb996136600a59fdd96648949f938895ff40e5
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552638
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-O.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1884
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-O.png
etag
W/"38d63d51bd498a15784e1c0774cb996136600a59fdd96648949f938895ff40e5"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::tz9j2-1653673518621-2483fde65111
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-P.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-P.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
26927b5f910af51b9cac9fb5b756ea5c27a8237300a305d65fa86b6d90473e03
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552637
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-P.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1300
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-P.png
etag
W/"26927b5f910af51b9cac9fb5b756ea5c27a8237300a305d65fa86b6d90473e03"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::gfwhv-1653673518621-05829e384630
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-Q.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-Q.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
a16a2c808cca72b6fab3de1af615d5a8ab1c742defece73669fb29013ef957fc
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5476955
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-Q.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2011
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-Q.png
etag
W/"a16a2c808cca72b6fab3de1af615d5a8ab1c742defece73669fb29013ef957fc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::n45gl-1653673518622-2c6909b8c33c
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-R.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-R.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b61fea3d7f849932b01feba2a729e75ea378258978714fb4fd10568baa4104e9
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13513416
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-R.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1758
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-R.png
etag
W/"b61fea3d7f849932b01feba2a729e75ea378258978714fb4fd10568baa4104e9"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::z967p-1653673518619-20367e888bb2
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-S.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-S.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
24c7a9996ad18412ef673399d6091bae57597dffb1fd66b646f16721497bb756
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552634
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-S.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2426
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-S.png
etag
W/"24c7a9996ad18412ef673399d6091bae57597dffb1fd66b646f16721497bb756"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::c7wlr-1653673518623-1103f6fad375
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-T.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		863 B
903 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-T.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
56fb1c1f3f3b9490c85f6698e18f19ea3a2ed443ca43db501b465b43482a0a7a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5520844
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-T.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
863
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-T.png
etag
W/"56fb1c1f3f3b9490c85f6698e18f19ea3a2ed443ca43db501b465b43482a0a7a"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::q4nsd-1653673518622-11aa63d7aab9
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-U.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		1 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-U.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
ddbf33f7ac64d0b5deabafa70289ce46e878e739c2d571b9346f4d3ffa2e3bc1
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552637
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-U.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1345
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-U.png
etag
W/"ddbf33f7ac64d0b5deabafa70289ce46e878e739c2d571b9346f4d3ffa2e3bc1"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::jnl4x-1653673518621-b8e5c4bbdbfe
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-V.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-V.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b124b8d5489862f2862e333abeb3d83d7c8342134b98e0c76f730e1d526082cd
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552637
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-V.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1820
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-V.png
etag
W/"b124b8d5489862f2862e333abeb3d83d7c8342134b98e0c76f730e1d526082cd"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::42mcg-1653673518620-220c655d7c83
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-W.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-W.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
3d041419318b343e579c28ccff6e0867df60b785c0b5dad6fa0990218aca8771
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552637
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-W.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1775
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-W.png
etag
W/"3d041419318b343e579c28ccff6e0867df60b785c0b5dad6fa0990218aca8771"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::4kfhn-1653673518630-2f02378e7004
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-X.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-X.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
63295c4779fea180f694aaceb655dc2f7838389610d51997ea2ca50881cc09e2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552637
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-X.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2518
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-X.png
etag
W/"63295c4779fea180f694aaceb655dc2f7838389610d51997ea2ca50881cc09e2"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::k4v9d-1653673518632-67ded5430346
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-Y.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-Y.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
38d81ebdebe55266562823738abaf73753e36a2625845b0d7cc98707cf4edd73
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5519101
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-Y.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1937
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-Y.png
etag
W/"38d81ebdebe55266562823738abaf73753e36a2625845b0d7cc98707cf4edd73"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::pk885-1653673518634-9056f25f83c6
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
char-Z.png
www.biltrewards.com/assets/page-components/page-rewards/letters/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-Z.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8f13392da90da141638d9ce7e7f84a7142b4b2e2cf5f0898927c86e548e1cffc
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5519100
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="char-Z.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1511
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/page-components/page-rewards/letters/char-Z.png
etag
W/"8f13392da90da141638d9ce7e7f84a7142b4b2e2cf5f0898927c86e548e1cffc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::8p87v-1653673518629-afc0abc29a0a
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
1825.4bfbc4d14a47a4dc.js
www.biltrewards.com/_next/static/chunks/ 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/1825.4bfbc4d14a47a4dc.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
2b4ae27b5cbda42a090c2b4bc30dbd0c52f0f30c89abecb74d50fc3261fcc705
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
92204
content-disposition
inline; filename="1825.4bfbc4d14a47a4dc.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/1825.4bfbc4d14a47a4dc.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::2tmnr-1653673518629-e7a27f9e81b6
etag
W/"2b4ae27b5cbda42a090c2b4bc30dbd0c52f0f30c89abecb74d50fc3261fcc705"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
webpack-d7d8042059b064a2.js
www.biltrewards.com/_next/static/chunks/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
cb381b6c654e6c059e2b1decb1648fb741fa8592c2bb3e8f9bdf23ef61da527a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
52762
content-disposition
inline; filename="webpack-d7d8042059b064a2.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/webpack-d7d8042059b064a2.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::q4nsd-1653673518633-72fb48fcb135
etag
W/"cb381b6c654e6c059e2b1decb1648fb741fa8592c2bb3e8f9bdf23ef61da527a"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
framework-560765ab0625ba27.js
www.biltrewards.com/_next/static/chunks/ 		127 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/framework-560765ab0625ba27.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
4ac51ffc4bca5ed831338ca7656a8446f9dd02fb72c7c70e0440a6cffd8cdf99
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
8188619
content-disposition
inline; filename="framework-560765ab0625ba27.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/framework-560765ab0625ba27.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::tz9j2-1653673518633-51d606813f2a
etag
W/"4ac51ffc4bca5ed831338ca7656a8446f9dd02fb72c7c70e0440a6cffd8cdf99"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
main-2b92244af99505af.js
www.biltrewards.com/_next/static/chunks/ 		100 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
2617b0a64564899ba3b821f79c20ff44d44ede8c228fa9b4004da45e12735a10
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
42873
content-disposition
inline; filename="main-2b92244af99505af.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/main-2b92244af99505af.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::n45gl-1653673518633-28444158ffb0
etag
W/"2617b0a64564899ba3b821f79c20ff44d44ede8c228fa9b4004da45e12735a10"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
_app-0a6da720f74e2c51.js
www.biltrewards.com/_next/static/chunks/pages/ 		593 KB
174 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/_app-0a6da720f74e2c51.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
bf7340f5f43011f8b3fa46a4b3131c7612f9786571843f2fb163d3c79da36b16
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
6057
content-disposition
inline; filename="_app-0a6da720f74e2c51.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/pages/_app-0a6da720f74e2c51.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::dt74h-1653673518622-21661e58196d
etag
W/"bf7340f5f43011f8b3fa46a4b3131c7612f9786571843f2fb163d3c79da36b16"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
3408-198e625439ac8e99.js
www.biltrewards.com/_next/static/chunks/ 		42 KB
16 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/3408-198e625439ac8e99.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
05e2a8300b64a2b58bf384cdc6f16463d2a2026dde3fa001f2652db853138d2e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
5259922
content-disposition
inline; filename="3408-198e625439ac8e99.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/3408-198e625439ac8e99.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::gwcqm-1653673518631-f0105de99d72
etag
W/"05e2a8300b64a2b58bf384cdc6f16463d2a2026dde3fa001f2652db853138d2e"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
135-535a34ddf757339d.js
www.biltrewards.com/_next/static/chunks/ 		18 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/135-535a34ddf757339d.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b1ef0b7808944a4be929303974900dc183ad461aed901c1a6b486a53575c9e0e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
67646
content-disposition
inline; filename="135-535a34ddf757339d.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/135-535a34ddf757339d.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::g4xbd-1653673518633-0972c2b9d017
etag
W/"b1ef0b7808944a4be929303974900dc183ad461aed901c1a6b486a53575c9e0e"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
1609-ffd52a3d9850f996.js
www.biltrewards.com/_next/static/chunks/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/1609-ffd52a3d9850f996.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
75a28d05fdb8a68702891739e91dbcc63f36486f1a0b267591bd6f273f3160ce
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
4229952
content-disposition
inline; filename="1609-ffd52a3d9850f996.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/1609-ffd52a3d9850f996.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::42mcg-1653673518633-e52dab6e86c1
etag
W/"75a28d05fdb8a68702891739e91dbcc63f36486f1a0b267591bd6f273f3160ce"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
5658-9c3170480655db40.js
www.biltrewards.com/_next/static/chunks/ 		18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/5658-9c3170480655db40.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
f6403996a306c2c571b0167780ac0cd0039f302504e1536ec2fa5e6f95c9abf7
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
68406
content-disposition
inline; filename="5658-9c3170480655db40.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/5658-9c3170480655db40.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::g4xbd-1653673518636-9d9b83690e3c
etag
W/"f6403996a306c2c571b0167780ac0cd0039f302504e1536ec2fa5e6f95c9abf7"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
7503-4e4af682cf3461c6.js
www.biltrewards.com/_next/static/chunks/ 		21 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/7503-4e4af682cf3461c6.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
dcb004f76d7e2ed45b8215de6027794fe59ad4d5ffbe296a1987b3129c0fe6d2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
79862
content-disposition
inline; filename="7503-4e4af682cf3461c6.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/7503-4e4af682cf3461c6.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::nd6pk-1653673518633-ff63757a0cb9
etag
W/"dcb004f76d7e2ed45b8215de6027794fe59ad4d5ffbe296a1987b3129c0fe6d2"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
3017-9e6fbb5627a2a5f4.js
www.biltrewards.com/_next/static/chunks/ 		29 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/3017-9e6fbb5627a2a5f4.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
2193fe1e9bca2fcc0e97d7bd773fbaa3bdea0c15c75675482258fc4488dc3779
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
28045
content-disposition
inline; filename="3017-9e6fbb5627a2a5f4.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/3017-9e6fbb5627a2a5f4.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::jnl4x-1653673518634-024c620881f5
etag
W/"2193fe1e9bca2fcc0e97d7bd773fbaa3bdea0c15c75675482258fc4488dc3779"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
9654-0ef3b80425cb0fc7.js
www.biltrewards.com/_next/static/chunks/ 		40 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/9654-0ef3b80425cb0fc7.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
2d94fba7228619dfd414beb0bac8b57e94df3f17907a9c20d04ecf9e072001ac
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
78105
content-disposition
inline; filename="9654-0ef3b80425cb0fc7.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/9654-0ef3b80425cb0fc7.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::nd6pk-1653673518633-952aa3247705
etag
W/"2d94fba7228619dfd414beb0bac8b57e94df3f17907a9c20d04ecf9e072001ac"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
5130-8e34114af0684ee3.js
www.biltrewards.com/_next/static/chunks/ 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/5130-8e34114af0684ee3.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
a884921bc536a42098ceb2ca03779fe403e028397750c7cbf27d3d8b4969ead3
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
71614
content-disposition
inline; filename="5130-8e34114af0684ee3.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/5130-8e34114af0684ee3.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::dt74h-1653673518633-c56c7229293c
etag
W/"a884921bc536a42098ceb2ca03779fe403e028397750c7cbf27d3d8b4969ead3"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
index-d35e5708f396db83.js
www.biltrewards.com/_next/static/chunks/pages/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/index-d35e5708f396db83.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
14782634390cb6ea99c6b7cb06bb4a3a810d7ac397d1748f957a259a99474a16
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
84095
content-disposition
inline; filename="index-d35e5708f396db83.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/pages/index-d35e5708f396db83.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::t2bp2-1653673518636-b0e9b56e1d1e
etag
W/"14782634390cb6ea99c6b7cb06bb4a3a810d7ac397d1748f957a259a99474a16"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
_buildManifest.js
www.biltrewards.com/_next/static/xCi4DK5iBaqFnIezwSChV/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/xCi4DK5iBaqFnIezwSChV/_buildManifest.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
617e380247c74612246759aaa26f95159c043538dfd9c9c0554cdee3169f304e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
19704
content-disposition
inline; filename="_buildManifest.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/xCi4DK5iBaqFnIezwSChV/_buildManifest.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::v7f9l-1653673518633-155be6552a78
etag
W/"617e380247c74612246759aaa26f95159c043538dfd9c9c0554cdee3169f304e"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
_ssgManifest.js
www.biltrewards.com/_next/static/xCi4DK5iBaqFnIezwSChV/ 		191 B
238 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/xCi4DK5iBaqFnIezwSChV/_ssgManifest.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
beca80824e2e357211cb3c530334e571f84292195ad3b5b76c42b864877f831e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
6187348
content-disposition
inline; filename="_ssgManifest.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
191
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/xCi4DK5iBaqFnIezwSChV/_ssgManifest.js
date
Fri, 27 May 2022 17:45:18 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::v76cm-1653673518636-4e881ec193ed
cache-control
public,max-age=31536000,immutable
etag
W/"beca80824e2e357211cb3c530334e571f84292195ad3b5b76c42b864877f831e"
accept-ranges
bytes
_middlewareManifest.js
www.biltrewards.com/_next/static/xCi4DK5iBaqFnIezwSChV/ 		92 B
141 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/xCi4DK5iBaqFnIezwSChV/_middlewareManifest.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552640
content-disposition
inline; filename="_middlewareManifest.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
92
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/xCi4DK5iBaqFnIezwSChV/_middlewareManifest.js
date
Fri, 27 May 2022 17:45:18 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::xgrjx-1653673518641-6e58a9640b44
cache-control
public,max-age=31536000,immutable
etag
W/"de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a"
accept-ranges
bytes
loyalty-program-mobile.png
www.biltrewards.com/assets/rewards-page/ 		38 KB
38 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/loyalty-program-mobile.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
afb2631f475053e09b4f1153c787d2b632d8e07aaacbd64de650fd99efa42836
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3856099
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="loyalty-program-mobile.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
38602
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/loyalty-program-mobile.png
etag
W/"afb2631f475053e09b4f1153c787d2b632d8e07aaacbd64de650fd99efa42836"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518636-db627adc7fd2
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
loyalty-program.png
www.biltrewards.com/assets/rewards-page/ 		179 KB
179 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/loyalty-program.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
cf20b62a8aad2bb30ba67126f7f265155657c5d0451a2a7667b71ed04b565953
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="loyalty-program.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
182899
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/loyalty-program.png
etag
W/"cf20b62a8aad2bb30ba67126f7f265155657c5d0451a2a7667b71ed04b565953"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::t2bp2-1653673518638-87663042cd18
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
alliance-building.png
www.biltrewards.com/assets/rewards-page/ 		342 KB
342 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/alliance-building.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9741696519f07e328276ea6794b22ae8643e4c963d48097137e583428c3b8612
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3834263
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="alliance-building.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
349715
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/alliance-building.png
etag
W/"9741696519f07e328276ea6794b22ae8643e4c963d48097137e583428c3b8612"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::n45gl-1653673518639-5368015a1e8c
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
card-tile.png
www.biltrewards.com/assets/rewards-page/ 		405 KB
405 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/card-tile.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
72197b944952d763f50177fc294aa394c60991dfc529e34343a7b9e7542afc7d
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="card-tile.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
414256
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/card-tile.png
etag
W/"72197b944952d763f50177fc294aa394c60991dfc529e34343a7b9e7542afc7d"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::s5bhn-1653673518633-fb79305578be
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-american.png
www.biltrewards.com/assets/rewards-page/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-american.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
aa9cbb9a44d3224aa1966b1da066dc14abedf0f67d4307befd5679698dd2f646
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-american.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4688
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-american.png
etag
W/"aa9cbb9a44d3224aa1966b1da066dc14abedf0f67d4307befd5679698dd2f646"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::cf6b2-1653673518632-f9cfe1125287
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-air-canada.png
www.biltrewards.com/assets/rewards-page/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-air-canada.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
017178dcf5d21c00839ecff3640db41191e92b0fe8a2a31cfec5fde93fb087be
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-air-canada.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4945
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-air-canada.png
etag
W/"017178dcf5d21c00839ecff3640db41191e92b0fe8a2a31cfec5fde93fb087be"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::gfwhv-1653673518633-4734ad418bd3
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-hawaiian.png
www.biltrewards.com/assets/rewards-page/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-hawaiian.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
3c504074f03c894db4e1c9c323142e87f9227326ea1299af088252b7978e0ecc
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-hawaiian.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4942
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-hawaiian.png
etag
W/"3c504074f03c894db4e1c9c323142e87f9227326ea1299af088252b7978e0ecc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::v7f9l-1653673518637-705ae04be2d5
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-virgin.png
www.biltrewards.com/assets/rewards-page/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-virgin.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
d22c8b6bb5bf671dce15075d342bfb5cb64950bfb141ebea0f2fc3b2b7b8e1bf
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-virgin.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4797
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-virgin.png
etag
W/"d22c8b6bb5bf671dce15075d342bfb5cb64950bfb141ebea0f2fc3b2b7b8e1bf"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::cf6b2-1653673518633-c8dc5fd07a81
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-turkish.png
www.biltrewards.com/assets/rewards-page/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-turkish.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
70d3ee03b81dd8671144ec4457dd3f0a59ad55fb1d17a2bd91a53e17b03afa62
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-turkish.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3883
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-turkish.png
etag
W/"70d3ee03b81dd8671144ec4457dd3f0a59ad55fb1d17a2bd91a53e17b03afa62"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::n45gl-1653673518639-9338cb542e45
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-ihg.png
www.biltrewards.com/assets/rewards-page/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-ihg.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
73f5d091c1f3f07eb2f31688d9312e8dc8029ad605036d77bc437fccdd400065
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-ihg.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2497
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-ihg.png
etag
W/"73f5d091c1f3f07eb2f31688d9312e8dc8029ad605036d77bc437fccdd400065"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::c7wlr-1653673518633-b5d8080580b4
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-hyatt.png
www.biltrewards.com/assets/rewards-page/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-hyatt.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
20a7f63d08f71cfa4b213061dbad6bfa9dd5337ec008d318a3f74fd84f027572
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-hyatt.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2709
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-hyatt.png
etag
W/"20a7f63d08f71cfa4b213061dbad6bfa9dd5337ec008d318a3f74fd84f027572"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::n45gl-1653673518649-46c0e7bf5204
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-emirates.png
www.biltrewards.com/assets/rewards-page/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-emirates.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8fb57e05dd15f57d3b71259e5946ccde124f6c19802a71f3313eb49215055a2f
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3856709
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-emirates.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4926
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-emirates.png
etag
W/"8fb57e05dd15f57d3b71259e5946ccde124f6c19802a71f3313eb49215055a2f"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518637-4086b1fe19b7
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-blue.png
www.biltrewards.com/assets/rewards-page/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-blue.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8d6503099eb499e121308418af58c8981dd9dcddcb158bb5c11b226bc2867f78
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-blue.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5067
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-blue.png
etag
W/"8d6503099eb499e121308418af58c8981dd9dcddcb158bb5c11b226bc2867f78"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::c7wlr-1653673518636-7a239d2522f9
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-asia-miles.png
www.biltrewards.com/assets/rewards-page/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-asia-miles.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
993bb9be452ded2e791248f9a5a60c8d96d6c2db7cf73a1eb6c7f3a6fd9d1372
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-asia-miles.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1858
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-asia-miles.png
etag
W/"993bb9be452ded2e791248f9a5a60c8d96d6c2db7cf73a1eb6c7f3a6fd9d1372"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::vltmc-1653673518636-4f7bdcd9753a
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
travel-united.png
www.biltrewards.com/assets/rewards-page/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/travel-united.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
791a519318f021e2fb0f0d242dcb8b2be51a2e32119e0ac6aa9d3b2f29b9cd0e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3838851
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="travel-united.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1798
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/travel-united.png
etag
W/"791a519318f021e2fb0f0d242dcb8b2be51a2e32119e0ac6aa9d3b2f29b9cd0e"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::v76cm-1653673518636-af7d1ff9578e
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
PWP-mobile.png
www.biltrewards.com/assets/marketing/ 		87 KB
87 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/marketing/PWP-mobile.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9a620893a850e426ddd3522d284a92d039821ea06dddca53ea79b0ec5e2323ee
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="PWP-mobile.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
88759
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/marketing/PWP-mobile.png
etag
W/"9a620893a850e426ddd3522d284a92d039821ea06dddca53ea79b0ec5e2323ee"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518636-54a26cceb75e
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
fitness-rumble.png
www.biltrewards.com/assets/rewards-page/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/fitness-rumble.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8bf846c6758f7f66e0000cd2888a9224c8bb7116ec149c999034e71a6c38804e
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5519102
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="fitness-rumble.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8992
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/fitness-rumble.png
etag
W/"8bf846c6758f7f66e0000cd2888a9224c8bb7116ec149c999034e71a6c38804e"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::s5bhn-1653673518635-2ef45b24b5ac
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
fitness-y7.png
www.biltrewards.com/assets/rewards-page/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/fitness-y7.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9d581dfdd99698d758f2a64426000c944e0c5bf1462ebac3c47409c66980834f
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552635
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="fitness-y7.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7934
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/fitness-y7.png
etag
W/"9d581dfdd99698d758f2a64426000c944e0c5bf1462ebac3c47409c66980834f"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::k4v9d-1653673518643-91219887e90a
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
fitness-soulcycle.png
www.biltrewards.com/assets/rewards-page/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/fitness-soulcycle.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9fc7c3029252cf20f64f26c4858115a9c4aa62e971840977adc08f99fb33da29
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5520844
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="fitness-soulcycle.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
10520
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/fitness-soulcycle.png
etag
W/"9fc7c3029252cf20f64f26c4858115a9c4aa62e971840977adc08f99fb33da29"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::v7f9l-1653673518637-e030ab7f8e34
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
fitness-solidcore.png
www.biltrewards.com/assets/rewards-page/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/fitness-solidcore.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b86f77256bb25c1d3c54b9abbe62d4da08d57f78df65f10cd496c81b363b1c4d
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
4843138
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="fitness-solidcore.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6524
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/fitness-solidcore.png
etag
W/"b86f77256bb25c1d3c54b9abbe62d4da08d57f78df65f10cd496c81b363b1c4d"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::kzrbx-1653673518651-99c27902ffb5
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
record-player.jpg
www.biltrewards.com/assets/bilt-collection/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/bilt-collection/record-player.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
bff5c0074ba392b4f04642c753dc35fa31b6809fd1619044668fb51de973afd1
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3868567
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="record-player.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8629
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/bilt-collection/record-player.jpg
etag
W/"bff5c0074ba392b4f04642c753dc35fa31b6809fd1619044668fb51de973afd1"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::kzrbx-1653673518651-40e975b95a4b
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
vase.jpg
www.biltrewards.com/assets/bilt-collection/ 		5 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/bilt-collection/vase.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
1375c9fc7d3b6fe1327308bb3b4dc4a0465d6783a2e6f0a08cce94f63330bb79
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="vase.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5002
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/bilt-collection/vase.jpg
etag
W/"1375c9fc7d3b6fe1327308bb3b4dc4a0465d6783a2e6f0a08cce94f63330bb79"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::s7m24-1653673518633-685fd8b5fb4b
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
lamp-light.jpg
www.biltrewards.com/assets/bilt-collection/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/bilt-collection/lamp-light.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
27a37040cd516d498c7c287b9b84b0a2fc2ef7915d92960a5761fc4ac0883d20
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="lamp-light.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
5806
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/bilt-collection/lamp-light.jpg
etag
W/"27a37040cd516d498c7c287b9b84b0a2fc2ef7915d92960a5761fc4ac0883d20"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::rcvtg-1653673518651-89cf7f3b01e5
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
bricks.jpg
www.biltrewards.com/assets/bilt-collection/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/bilt-collection/bricks.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
92751b3021e21325c6502131ebecd2a008fe489956e08697d38741f1e5af9134
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="bricks.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6835
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/bilt-collection/bricks.jpg
etag
W/"92751b3021e21325c6502131ebecd2a008fe489956e08697d38741f1e5af9134"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::n2qrw-1653673518650-84c33656de80
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
painting-woman.jpg
www.biltrewards.com/assets/bilt-collection/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/bilt-collection/painting-woman.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
82f12d9b91af1f68ede816d37db668f8684e1ebc99b2bd03d8d7fb505a4a942c
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3862014
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="painting-woman.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6033
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/bilt-collection/painting-woman.jpg
etag
W/"82f12d9b91af1f68ede816d37db668f8684e1ebc99b2bd03d8d7fb505a4a942c"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::kzrbx-1653673518651-3fca06470ea4
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
painting-man.jpg
www.biltrewards.com/assets/bilt-collection/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/bilt-collection/painting-man.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
7eb678d1e8d1866ad3cef9b1bbeadbf2626fa8b5754f5465bb3782593e7fabbc
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
3878845
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="painting-man.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6311
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/bilt-collection/painting-man.jpg
etag
W/"7eb678d1e8d1866ad3cef9b1bbeadbf2626fa8b5754f5465bb3782593e7fabbc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::s7m24-1653673518636-b70d29d4716c
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
tier-blue.png
www.biltrewards.com/assets/badges/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/badges/tier-blue.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
43af19eff5cc628f7cc09c2019fd07f11e44337b5454ed17ab8a10bfd00398dc
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552635
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="tier-blue.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2700
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/badges/tier-blue.png
etag
W/"43af19eff5cc628f7cc09c2019fd07f11e44337b5454ed17ab8a10bfd00398dc"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::42mcg-1653673518636-27f4d87ef36f
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
tier-silver.png
www.biltrewards.com/assets/badges/ 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/badges/tier-silver.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
396f52352b802f1581009b85ed7b1b6de498e6874e2befd54a42631e4b8f32b4
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5519100
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="tier-silver.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2139
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/badges/tier-silver.png
etag
W/"396f52352b802f1581009b85ed7b1b6de498e6874e2befd54a42631e4b8f32b4"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::rcvtg-1653673518651-806856075b05
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
tier-gold.png
www.biltrewards.com/assets/badges/ 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/badges/tier-gold.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
64c7e49c281ac235d174f1e183eeb05a56b5dd97bd5499f2a6320f4657c2d1ec
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5519100
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="tier-gold.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2988
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/badges/tier-gold.png
etag
W/"64c7e49c281ac235d174f1e183eeb05a56b5dd97bd5499f2a6320f4657c2d1ec"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::7fqvs-1653673518636-7acdfa131e91
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
tier-platinum.png
www.biltrewards.com/assets/badges/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/badges/tier-platinum.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
5a5fcdbc50a5de079e6e6542d568f7d7a96a1ca1be1ee2f4cbf0fdb1a0574225
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13511668
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="tier-platinum.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3811
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/badges/tier-platinum.png
etag
W/"5a5fcdbc50a5de079e6e6542d568f7d7a96a1ca1be1ee2f4cbf0fdb1a0574225"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::dt74h-1653673518642-f8d67cc2dbe7
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
bilt-logo-header.svg
www.biltrewards.com/assets/card-page/logos/ 		2 KB
978 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/card-page/logos/bilt-logo-header.svg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
7fe606288832a08bf522ae87b59526b4aad177ad43ef85fb3476cde34522c88a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:18 GMT
content-encoding
br
x-content-type-options
nosniff
age
13552639
content-disposition
inline; filename="bilt-logo-header.svg"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public, max-age=0, must-revalidate
x-matched-path
/assets/card-page/logos/bilt-logo-header.svg
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/svg+xml
via
1.1 google
x-vercel-id
fra1:fra1::n2qrw-1653673518650-56e8fd32e09f
etag
W/"7fe606288832a08bf522ae87b59526b4aad177ad43ef85fb3476cde34522c88a"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
alliance-logos-desktop-2.png
www.biltrewards.com/assets/rewards-page/ 		30 KB
30 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/rewards-page/alliance-logos-desktop-2.png
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e63d6414c684904ae82274009988e00b8fe24869f3d1ebd358b9cfb45eda8095
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
4843138
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="alliance-logos-desktop-2.png"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
31070
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/rewards-page/alliance-logos-desktop-2.png
etag
W/"e63d6414c684904ae82274009988e00b8fe24869f3d1ebd358b9cfb45eda8095"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/png
x-vercel-id
fra1:fra1::jnl4x-1653673518637-786729c70cee
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
GT-America-Extended-Bold.woff2
www.biltrewards.com/assets/fonts/ 		63 KB
63 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/assets/fonts/GT-America-Extended-Bold.woff2
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13552639
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="GT-America-Extended-Bold.woff2"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
64096
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/fonts/GT-America-Extended-Bold.woff2
etag
W/"4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
font/woff2
x-vercel-id
fra1:fra1::7fqvs-1653673518639-d588b56236bf
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
GT-America-Standard-Regular.woff2
www.biltrewards.com/assets/fonts/ 		57 KB
57 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/assets/fonts/GT-America-Standard-Regular.woff2
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
5519102
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="GT-America-Standard-Regular.woff2"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
58164
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/fonts/GT-America-Standard-Regular.woff2
etag
W/"9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
font/woff2
x-vercel-id
fra1:fra1::rcvtg-1653673518661-c4ba6e45385e
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
ns.html
www.googletagmanager.com/ Frame 2B19 		266 B
504 B 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/ns.html?id=GTM-5KZTNLX
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.biltrewards.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-length
92
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 27 May 2022 17:45:19 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
vary
*
x-xss-protection
0
haze5.jpg
www.biltrewards.com/assets/ 		150 KB
150 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.biltrewards.com/assets/haze5.jpg
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
077104364eb0971401d264dce42cceeaf00f562ce5c389eb4e4ab238f737ec8a
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
6064225
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="haze5.jpg"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
153251
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/haze5.jpg
etag
W/"077104364eb0971401d264dce42cceeaf00f562ce5c389eb4e4ab238f737ec8a"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
image/jpeg
x-vercel-id
fra1:fra1::vltmc-1653673518638-51c4dd1c315e
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
GT-America-Standard-Bold.woff2
www.biltrewards.com/assets/fonts/ 		61 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/assets/fonts/GT-America-Standard-Bold.woff2
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9dd316606967a03abedcf35c83300f9763241b13a2066f67dabff0573def70e5
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13511670
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="GT-America-Standard-Bold.woff2"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62460
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/fonts/GT-America-Standard-Bold.woff2
etag
W/"9dd316606967a03abedcf35c83300f9763241b13a2066f67dabff0573def70e5"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
font/woff2
x-vercel-id
fra1:fra1::dt74h-1653673518638-4d95b9d6ef1b
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
GT-America-Condensed-Light.woff2
www.biltrewards.com/assets/fonts/ 		61 KB
61 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/assets/fonts/GT-America-Condensed-Light.woff2
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
7ac855056d8c0e0f5e39b1dd47eaa57a0d55a733c0ce91cdda93999dbf8ab518
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13528083
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="GT-America-Condensed-Light.woff2"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
62684
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/fonts/GT-America-Condensed-Light.woff2
etag
W/"7ac855056d8c0e0f5e39b1dd47eaa57a0d55a733c0ce91cdda93999dbf8ab518"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
font/woff2
x-vercel-id
fra1:fra1::g4xbd-1653673518651-f023ae30325d
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
GT-America-Mono-Medium.woff2
www.biltrewards.com/assets/fonts/ 		47 KB
47 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/assets/fonts/GT-America-Mono-Medium.woff2
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b02546b57554da630a4827a7755b1f72d22374513f811dc0590ebe942758cbfa
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
13494064
date
Fri, 27 May 2022 17:45:18 GMT
content-disposition
inline; filename="GT-America-Mono-Medium.woff2"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
48256
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/assets/fonts/GT-America-Mono-Medium.woff2
etag
W/"b02546b57554da630a4827a7755b1f72d22374513f811dc0590ebe942758cbfa"
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
font/woff2
x-vercel-id
fra1:fra1::fnzqt-1653673518652-5422fdb87537
cache-control
public, max-age=0, must-revalidate
accept-ranges
bytes
618bdb37dea1430e77a22346
app.launchdarkly.com/sdk/goals/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/618bdb37dea1430e77a22346
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://www.biltrewards.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Fri, 27 May 2022 17:45:19 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-served-by
cache-hhn4073-HHN
x-timer
S1653673519.263419,VS0,VE1
eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyJ9
app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyJ9
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://www.biltrewards.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Fri, 27 May 2022 17:45:19 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
1
x-served-by
cache-hhn4073-HHN
x-timer
S1653673519.263552,VS0,VE1
6023.3ee300b5fade629e.js
www.biltrewards.com/_next/static/chunks/ 		83 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
8ad6d13fee83b71a4d43a8be8b00b758afb39d6ac6ceb1d301400c4cd1998ae8
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
92196
content-disposition
inline; filename="6023.3ee300b5fade629e.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/6023.3ee300b5fade629e.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::c7wlr-1653673519139-9901b6e32066
etag
W/"8ad6d13fee83b71a4d43a8be8b00b758afb39d6ac6ceb1d301400c4cd1998ae8"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
1626.f818ab53b55c0b57.js
www.biltrewards.com/_next/static/chunks/ 		38 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/1626.f818ab53b55c0b57.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
9de3a0d4faba063680102ff637bd2b05f60a1fa558b60874a50be9880e3474f6
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
40602
content-disposition
inline; filename="1626.f818ab53b55c0b57.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/1626.f818ab53b55c0b57.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::n45gl-1653673519134-5fa3b15834a9
etag
W/"9de3a0d4faba063680102ff637bd2b05f60a1fa558b60874a50be9880e3474f6"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
analytics.min.js
cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 		92 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-0a6da720f74e2c51.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
2d6455fc2954e6d5c91442e58fee811b6d0f1e093db1974fda7b4ce400ddb9fd

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
2kmIEap2iY0mqUkK0ysYInNO3k7zqiq7
content-encoding
br
etag
W/"5bdc8cf8a0888857d75eacfc54779e39"
x-amz-cf-pop
FRA50-C1
x-cache
RefreshHit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Wed, 25 May 2022 01:20:32 GMT
server
AmazonS3
date
Fri, 27 May 2022 17:45:20 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public, max-age=120
x-amz-cf-id
P5E7VqWPql3KE744wQJDhbr_abd7QE7OpaGSb9nPBQSHb772Ai4m0Q==
gtm.js
www.googletagmanager.com/ 		100 KB
38 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-0a6da720f74e2c51.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
62367c69a906d55ff6cacb5b8b3edb8a7a77646ad5634bf7d0c9d5a864102f84
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
38489
x-xss-protection
0
last-modified
Fri, 27 May 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Fri, 27 May 2022 17:45:19 GMT
761f7e8d.228a71d0cd37b667.js
www.biltrewards.com/_next/static/chunks/ 		168 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/761f7e8d.228a71d0cd37b667.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
6b6e3741da64b258a30bc3b319b26abc9f5071f6a535c50d5720ddfd23fcefd5
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
92196
content-disposition
inline; filename="761f7e8d.228a71d0cd37b667.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/761f7e8d.228a71d0cd37b667.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::tz9j2-1653673519176-b984fd1b8c07
etag
W/"6b6e3741da64b258a30bc3b319b26abc9f5071f6a535c50d5720ddfd23fcefd5"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
4658.b29d7f24ae4f8b43.js
www.biltrewards.com/_next/static/chunks/ 		140 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/4658.b29d7f24ae4f8b43.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
44852fe22a924101bfd0a59d234a400863ca0a7602058af8b3a2afb90851183f
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
78107
content-disposition
inline; filename="4658.b29d7f24ae4f8b43.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/4658.b29d7f24ae4f8b43.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::c7wlr-1653673519176-56b602e74fb1
etag
W/"44852fe22a924101bfd0a59d234a400863ca0a7602058af8b3a2afb90851183f"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
199.9daed287bcb276d2.js
www.biltrewards.com/_next/static/chunks/ 		83 B
131 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/199.9daed287bcb276d2.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
ad1303dc9951f456de277453f930d453afb78be0d40c6e95ec65b219c3715d42
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
2815252
content-disposition
inline; filename="199.9daed287bcb276d2.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
83
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/chunks/199.9daed287bcb276d2.js
date
Fri, 27 May 2022 17:45:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::4qrxs-1653673519182-96a3aa9bba90
cache-control
public,max-age=31536000,immutable
etag
W/"ad1303dc9951f456de277453f930d453afb78be0d40c6e95ec65b219c3715d42"
accept-ranges
bytes
snippet.js
static.zdassets.com/ekr/ 		23 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=efeeee0d-dd1d-434e-863e-08a4f147cdc5
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3cbfe1c077ba0169a3fb52f9173b184da791852587d1d4f5aac9b6e09e76894e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
13
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
5JKE5QWF5BRJSC8X
x-amz-id-2
CklyZwXRPitLawM4dpP4Kh7vAuIT14jzHLjdbbbhk1AumHlNwnZRMiRIJxdVHE4wpBKxrndPvLk=
last-modified
Sun, 22 May 2022 23:46:14 GMT
server
cloudflare
etag
W/"dbe08d968cf68b63a92fabf97b86a1d2"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=eJrxfsRoKYxp0BrWlt%2FQfOs7f0vSf05NnZkmEQKDkd5NsqBu2awMFMv0eN3MG3abTKc420SGmr4rWXM5L0GeVbQgGwYRnVx7dHSaEFs%2Fmc7FJq6xwu77MFr5zkV5cTHvWpMyoIo%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
cache-control
public, max-age=3600, s-maxage=60
x-amz-version-id
HArG.fc9KVhi0qJ1ccdxCoc0fJmPdk8d
cf-ray
712090471dd9693a-FRA
agent.js
cdn.deviceinf.com/js/v4/ 		309 KB
109 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.deviceinf.com/js/v4/agent.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-80.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
97418d4ece7755a0187c246ab2cf1855e055d67ca779eb49c45a3363885345df

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
sczL12YmbBA4kKsUeDxPMkRbGn6byftK
content-encoding
gzip
last-modified
Fri, 13 May 2022 14:36:11 GMT
server
AmazonS3
age
2302
etag
W/"b77723305d260466e82b49715e1bbfda"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
via
1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
cache-control
max-age=3600
date
Fri, 27 May 2022 17:45:19 GMT
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
H3oJbCA8u-s0AiQ1k3Qsc9fSV_EGr2u53yddPx69yaXfwalR0KbK3w==
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		89 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-86.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a40bccb1c0f66459f283126bdbaa3c94e5e1bb11c11e904f364a3e6280c7cbe7

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
jggAcJa.XOc8xTJey0WlXu0u7IvOaEbL
content-encoding
gzip
etag
W/"b5d0a0d1da5029c3fa85537007957743"
age
1929
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-request-id
4A0PZYQPNSNQD543
x-amz-id-2
dDsfPfiHepc6PsWSPWstV3GOF7CMTjPouBfjwkOCoel1fbPHwFl0PUQXHFY9xLNIR+x13RuTcp8=
last-modified
Thu, 26 May 2022 16:37:30 GMT
server
AmazonS3
date
Fri, 27 May 2022 17:13:11 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
gZwiAoVhH_zOnthEG0V6ra2ONXWDl3VuPeOaJ3i6zRUH-fklO6icjQ==
okta-auth-js.polyfill.js
global.oktacdn.com/okta-auth-js/4.0.0/ 		607 KB
214 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://global.oktacdn.com/okta-auth-js/4.0.0/okta-auth-js.polyfill.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.23 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-23.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b4fef596b95896436e92db38806748a6cb864c84d475ceee87001ee0cdcefea9
Security Headers
Name Value
Strict-Transport-Security max-age=315360000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
3ShsOgODY1AsrePvi33t9Wcj5swESuyv
content-encoding
gzip
x-content-type-options
nosniff
age
42227
x-cache
Hit from cloudfront
date
Fri, 27 May 2022 06:01:33 GMT
x-amz-replication-status
COMPLETED
strict-transport-security
max-age=315360000
via
1.1 055d899361491602a9ef1eb0cdc5e336.cloudfront.net (CloudFront)
last-modified
Fri, 14 Aug 2020 23:13:49 GMT
server
AmazonS3
etag
W/"ae0eb4366eca02c44b6c5404bbfe6d83"
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,s-maxage=1814400
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
F18EER9H0O9TSiiem09KGiOuBIbtntiQuNcNvHDpEGo0AJTNk5O9kg==
enterprise.js
www.google.com/recaptcha/ 		974 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise.js?render=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
c77d7cf308c731e61d1e11dd647209c66c148c1b9f8236eeb1fe4a15a7086bba
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
x-frame-options
SAMEORIGIN
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
cross-origin-resource-policy
cross-origin
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
615
x-xss-protection
1; mode=block
expires
Fri, 27 May 2022 17:45:19 GMT
vitals
vitals.vercel-insights.com/v1/ 		2 B
134 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://vitals.vercel-insights.com/v1/vitals
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.170.56.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-170-56-53.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
x-ratelimit-reset
36
x-ratelimit-limit
1000
content-length
2
x-ratelimit-remaining
999
content-type
text/plain; charset=utf-8
618bdb37dea1430e77a22346
app.launchdarkly.com/sdk/goals/ 		2 B
176 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/goals/618bdb37dea1430e77a22346
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-0a6da720f74e2c51.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.biltrewards.com/
X-LaunchDarkly-Wrapper
react-client-sdk/2.26.0
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/2.22.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
content-md5
d751713988987e9331980363e24189ce
age
0
x-cache
HIT
access-control-max-age
300
date
Fri, 27 May 2022 17:45:19 GMT
content-length
26
x-served-by
cache-hhn4073-HHN
access-control-allow-origin
*
ld-region
us-east-1
x-timer
S1653673519.273105,VS0,VE1
etag
"d751713988987e9331980363e24189ce"
vary
Accept-Encoding
access-control-allow-methods
GET, OPTIONS, HEAD
content-type
application/json
via
1.1 varnish
cache-control
max-age=0
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
x-cache-hits
1
eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyJ9
app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/ 		288 B
504 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyJ9
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/pages/_app-0a6da720f74e2c51.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
cc6516a7f2ee373787944faca2b086814681696878be8f4198a4fb6d48957a38

Request headers

Referer
https://www.biltrewards.com/
X-LaunchDarkly-Wrapper
react-client-sdk/2.26.0
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/2.22.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
gzip
vary
Authorization, Accept-Encoding
age
0
x-cache
HIT
content-length
144
x-served-by
cache-hhn4030-HHN, cache-hhn4073-HHN
access-control-allow-origin
*
x-timer
S1653673519.273092,VS0,VE2
etag
"203dbb"
access-control-max-age
3600
access-control-allow-methods
OPTIONS, GET
content-type
application/json
via
1.1 varnish
cache-control
max-age=0
accept-ranges
bytes
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version
x-cache-hits
1
9009-75a811bffa12aa44.js
www.biltrewards.com/_next/static/chunks/ 		0
9 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/9009-75a811bffa12aa44.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
92195
content-disposition
inline; filename="9009-75a811bffa12aa44.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/9009-75a811bffa12aa44.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::rcvtg-1653673519321-52cb91e0f1de
etag
W/"888ae88df52dbf2efd563c8d79b82580bdef5190b7bc2ce6e860408167579d30"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
1421-5b7a9530af0851c2.js
www.biltrewards.com/_next/static/chunks/ 		0
11 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/1421-5b7a9530af0851c2.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
32037
content-disposition
inline; filename="1421-5b7a9530af0851c2.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/1421-5b7a9530af0851c2.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::fnzqt-1653673519320-2011abf10223
etag
W/"80f5e517c749d3478bd6216db7452221a13bf6db6148a4c821e95783f93a20ff"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
card-0f7f90ceed599ed8.js
www.biltrewards.com/_next/static/chunks/pages/ 		0
408 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/card-0f7f90ceed599ed8.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
92195
content-disposition
inline; filename="card-0f7f90ceed599ed8.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
360
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/chunks/pages/card-0f7f90ceed599ed8.js
date
Fri, 27 May 2022 17:45:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::c7wlr-1653673519321-81c16268cf6a
cache-control
public,max-age=31536000,immutable
etag
W/"b5cdaa2a99c02e73f257a4876c7d045d3ddee0e5d9272053e1fc0ed397fce72c"
accept-ranges
bytes
app-a3af6c1c56b460d9.js
www.biltrewards.com/_next/static/chunks/pages/ 		0
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/app-a3af6c1c56b460d9.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
47988
content-disposition
inline; filename="app-a3af6c1c56b460d9.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/pages/app-a3af6c1c56b460d9.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::jnl4x-1653673519321-51b4caa128bb
etag
W/"e5ae2ac981be73fab9bb7bd45b1dec87fd54841c5724b94644802312e54edc7f"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
editorial.json
www.biltrewards.com/_next/data/xCi4DK5iBaqFnIezwSChV/ 		71 KB
10 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/data/xCi4DK5iBaqFnIezwSChV/editorial.json
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
7281bc622c3348494d789c1d5ac85c01f3bf4842a5d02c0700508567aed13378
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
6152
content-disposition
inline
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public, max-age=0, must-revalidate
x-matched-path
/_next/data/xCi4DK5iBaqFnIezwSChV/editorial.json
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
text/html; charset=utf-8
via
1.1 google
x-vercel-id
fra1::nd6pk-1653673519322-b6b1dcab6a65
etag
W/"7281bc622c3348494d789c1d5ac85c01f3bf4842a5d02c0700508567aed13378"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
3993-fc5a132ebeed3c12.js
www.biltrewards.com/_next/static/chunks/ 		0
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/3993-fc5a132ebeed3c12.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
7620404
content-disposition
inline; filename="3993-fc5a132ebeed3c12.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/3993-fc5a132ebeed3c12.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::g4xbd-1653673519350-f7ac15b5b846
etag
W/"6cdcb3816fc3de3d3224300d1939002a7566457f9dcb84fd7f9c4cd41595539d"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
5668-8fc76425d3a2b0a8.js
www.biltrewards.com/_next/static/chunks/ 		0
4 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/5668-8fc76425d3a2b0a8.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
60825
content-disposition
inline; filename="5668-8fc76425d3a2b0a8.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/5668-8fc76425d3a2b0a8.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::gfwhv-1653673519322-4ccccc117d71
etag
W/"bdcd3889abcea77e320b4693680dedd72fe04d1f8a4f91f48ad95ad4d867fa5c"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
editorial-b0f803456db37433.js
www.biltrewards.com/_next/static/chunks/pages/ 		0
515 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/editorial-b0f803456db37433.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
47454
content-disposition
inline; filename="editorial-b0f803456db37433.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
467
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/chunks/pages/editorial-b0f803456db37433.js
date
Fri, 27 May 2022 17:45:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::n2qrw-1653673519322-e027cdaa525d
cache-control
public,max-age=31536000,immutable
etag
W/"00ee7e7e10f2f58303652f62b82f450f4279a6c7c8ef8cc53bb35a16b7e61234"
accept-ranges
bytes
7466.e834f6e66e2546d4.js
www.biltrewards.com/_next/static/chunks/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/7466.e834f6e66e2546d4.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/webpack-d7d8042059b064a2.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
999be4194a46c5d65f2f5d4b98c077ef726c3f2f0b105b3060f4fa6aa7639259
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
7894565
content-disposition
inline; filename="7466.e834f6e66e2546d4.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/7466.e834f6e66e2546d4.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::v76cm-1653673519344-1f62cfc8862c
etag
W/"999be4194a46c5d65f2f5d4b98c077ef726c3f2f0b105b3060f4fa6aa7639259"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyJ9
clientstream.launchdarkly.com/eval/618bdb37dea1430e77a22346/ 		309 B
0 		EventSource
General
Check archive.org
Download Go to
Full URL
https://clientstream.launchdarkly.com/eval/618bdb37dea1430e77a22346/eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyJ9
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.151.210 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a1370dc23e25e46ce.awsglobalaccelerator.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
text/event-stream
Cache-Control
no-cache
Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
ld-region
eu-west-1
access-control-max-age
300
access-control-allow-methods
GET,OPTIONS
content-type
text/event-stream; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper
/
o441793.ingest.sentry.io/api/5823479/envelope/ 		2 B
280 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o441793.ingest.sentry.io/api/5823479/envelope/?sentry_key=50f039ff934e419597bde8e7652fc3d8&sentry_version=7
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://www.biltrewards.com
access-control-expose-headers
x-sentry-rate-limits, x-sentry-error, retry-after
x-envoy-upstream-service-time
0
strict-transport-security
max-age=31536000; includeSubDomains; preload
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
recaptcha__de.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ 		365 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
195fc406dbdbe81846387873a37f88b81514ddedd3877b59e1a4615e90b18173
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2453
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147703
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 27 May 2023 17:04:26 GMT
link-dynamic-loader.js
cdn.plaid.com/link/2.0.1336/ 		0
42 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/2.0.1336/link-dynamic-loader.js
Requested by
Host: cdn.plaid.com
URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.98.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-98-86.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
twi6dsFIDgdrqN1V2dw61oqQkPUfrlI.
content-encoding
gzip
etag
W/"18225b2eba84b3103b461ba84b54998e"
age
1926
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 26 May 2022 16:37:30 GMT
server
AmazonS3
date
Fri, 27 May 2022 17:13:14 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 baaf38f0a0d54e4834bf934fa5189cea.cloudfront.net (CloudFront)
cache-control
max-age=10800
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
GmnHDgd7sPtaqufxFEkOu0llit9hFA7aHpxKapFv4rKjL86J5bFjfg==
efeeee0d-dd1d-434e-863e-08a4f147cdc5
ekr.zdassets.com/compose/ 		390 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/efeeee0d-dd1d-434e-863e-08a4f147cdc5
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e8e797bb8d2796f47c1098cb4b145b28cb73a4347e50cd86dfa23c550fa13078
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
REVALIDATED
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
cf-ray
712090488f2590f4-FRA
status
200 OK
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
strict-transport-security
max-age=0
x-xss-protection
1; mode=block
x-request-id
c8966153-bb9b-4ddd-8b46-2df1dc6e9f5f
x-runtime
0.003291
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
x-frame-options
SAMEORIGIN
etag
W/"e8e797bb8d2796f47c1098cb4b145b28"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Origin, Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=9%2BZihwAkdwc7039UjtK99UAsy%2FgoTHyqSjniE6vhXULN3yDKn4q5JNdGBT2I3%2BespTNsA63eQd9azRfJA4ADG1fK7AkDRuFO3GEAhbBg35Cm48iL6OxZL%2B7oHOQFxnXISVs%3D"}],"group":"cf-nel","max_age":604800}
x-download-options
noopen
access-control-allow-origin
*
access-control-expose-headers
cache-control
max-age=600, public, s-maxage=60, stale-while-revalidate=600, stale-if-error=3600
content-type
application/json; charset=utf-8
js
www.googletagmanager.com/gtag/ 		198 KB
70 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HVS9TCS30Z&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5KZTNLX
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:80e::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
93b0677eac4ffeac01a74ebb00e4b5851bcb705101304102301b6c09e1fce1c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
71548
x-xss-protection
0
expires
Fri, 27 May 2022 17:45:19 GMT
eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyIsImN1c3RvbSI6eyJ1dWlkIjoiZTg0NzdiZjAtNGVkOC00OTEyLTg2NmQtYWEyYjdkNjEwMzZjIn19
app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/ 		288 B
249 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyIsImN1c3RvbSI6eyJ1dWlkIjoiZTg0NzdiZjAtNGVkOC00OTEyLTg2NmQtYWEyYjdkNjEwMzZjIn19
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f430745adcf156438359f23e90050594f02806f223767a37d673d64519f49204

Request headers

Referer
https://www.biltrewards.com/
X-LaunchDarkly-Wrapper
react-client-sdk/2.26.0
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/2.22.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
gzip
vary
Authorization, Accept-Encoding
age
0
x-cache
MISS
content-length
147
x-served-by
cache-hhn4052-HHN, cache-hhn4073-HHN
access-control-allow-origin
*
x-timer
S1653673520.505959,VS0,VE7
etag
"203dbb"
access-control-max-age
3600
access-control-allow-methods
OPTIONS, GET
content-type
application/json
via
1.1 varnish
cache-control
max-age=0
accept-ranges
bytes
access-control-allow-headers
Accept, Content-Type, Content-Length, Accept-Encoding, Authorization, X-Requested-With, X-LD-Private, X-LD-AccountId, X-LD-EnvId, X-LD-PrjId, X-LaunchDarkly-Event-Schema, X-LaunchDarkly-User-Agent, X-LaunchDarkly-Wrapper, Ld-Api-Version
x-cache-hits
0
eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyIsImN1c3RvbSI6eyJ1dWlkIjoiZTg0NzdiZjAtNGVkOC00OTEyLTg2NmQtYWEyYjdkNjEwMzZjIn19
app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://app.launchdarkly.com/sdk/evalx/618bdb37dea1430e77a22346/users/eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyIsImN1c3RvbSI6eyJ1dWlkIjoiZTg0NzdiZjAtNGVkOC00OTEyLTg2NmQtYWEyYjdkNjEwMzZjIn19
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
151.101.194.217 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
GET
Origin
https://www.biltrewards.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Authorization,X-Requested-With,X-LD-Private,X-LD-AccountId,X-LD-EnvId,X-LD-PrjId,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper,LD-API-Version
access-control-allow-methods
GET, OPTIONS, HEAD
access-control-allow-origin
*
access-control-max-age
3600
age
0
allow
GET, OPTIONS, HEAD
content-encoding
gzip
content-length
23
date
Fri, 27 May 2022 17:45:19 GMT
ld-region
us-east-1
strict-transport-security
max-age=31536000
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
2
x-served-by
cache-hhn4073-HHN
x-timer
S1653673519.479149,VS0,VE0
9009-75a811bffa12aa44.js
www.biltrewards.com/_next/static/chunks/ 		41 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/9009-75a811bffa12aa44.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
888ae88df52dbf2efd563c8d79b82580bdef5190b7bc2ce6e860408167579d30
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
75198
content-disposition
inline; filename="9009-75a811bffa12aa44.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/9009-75a811bffa12aa44.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::7fqvs-1653673519483-2b0d83e9a864
etag
W/"888ae88df52dbf2efd563c8d79b82580bdef5190b7bc2ce6e860408167579d30"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
1421-5b7a9530af0851c2.js
www.biltrewards.com/_next/static/chunks/ 		35 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/1421-5b7a9530af0851c2.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
80f5e517c749d3478bd6216db7452221a13bf6db6148a4c821e95783f93a20ff
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
23206
content-disposition
inline; filename="1421-5b7a9530af0851c2.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/1421-5b7a9530af0851c2.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::dt74h-1653673519484-351a2674a3f7
etag
W/"80f5e517c749d3478bd6216db7452221a13bf6db6148a4c821e95783f93a20ff"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
card-0f7f90ceed599ed8.js
www.biltrewards.com/_next/static/chunks/pages/ 		360 B
409 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/card-0f7f90ceed599ed8.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
b5cdaa2a99c02e73f257a4876c7d045d3ddee0e5d9272053e1fc0ed397fce72c
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
56775
content-disposition
inline; filename="card-0f7f90ceed599ed8.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
360
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/chunks/pages/card-0f7f90ceed599ed8.js
date
Fri, 27 May 2022 17:45:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::dt74h-1653673519484-5fedb96d13a6
cache-control
public,max-age=31536000,immutable
etag
W/"b5cdaa2a99c02e73f257a4876c7d045d3ddee0e5d9272053e1fc0ed397fce72c"
accept-ranges
bytes
app-a3af6c1c56b460d9.js
www.biltrewards.com/_next/static/chunks/pages/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/app-a3af6c1c56b460d9.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
e5ae2ac981be73fab9bb7bd45b1dec87fd54841c5724b94644802312e54edc7f
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
92195
content-disposition
inline; filename="app-a3af6c1c56b460d9.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/pages/app-a3af6c1c56b460d9.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::vltmc-1653673519485-565d7a35457e
etag
W/"e5ae2ac981be73fab9bb7bd45b1dec87fd54841c5724b94644802312e54edc7f"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
anchor
www.google.com/recaptcha/enterprise/ Frame 17C7 		42 KB
22 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__de.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
9b18da3e72e5bb1c131e79ea91331290139aa532fb1eba435dfe6478a370885b
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-a6SonuVkSCRZl5U7qzI6YA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://www.biltrewards.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
cache-control
no-cache, no-store, max-age=0, must-revalidate
content-encoding
gzip
content-length
22074
content-security-policy
script-src 'report-sample' 'nonce-a6SonuVkSCRZl5U7qzI6YA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type
text/html; charset=utf-8
cross-origin-embedder-policy
require-corp
cross-origin-resource-policy
cross-origin
date
Fri, 27 May 2022 17:45:19 GMT
expires
Mon, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
server
GSE
x-content-type-options
nosniff
x-xss-protection
1; mode=block
eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyIsImN1c3RvbSI6eyJ1dWlkIjoiZTg0NzdiZjAtNGVkOC00OTEyLTg2NmQtYWEyYjdkNjEwMzZjIn19
clientstream.launchdarkly.com/eval/618bdb37dea1430e77a22346/ 		309 B
0 		EventSource
General
Check archive.org
Download Go to
Full URL
https://clientstream.launchdarkly.com/eval/618bdb37dea1430e77a22346/eyJhbm9ueW1vdXMiOnRydWUsImtleSI6ImFub255bW91cyIsImN1c3RvbSI6eyJ1dWlkIjoiZTg0NzdiZjAtNGVkOC00OTEyLTg2NmQtYWEyYjdkNjEwMzZjIn19
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
13.248.151.210 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a1370dc23e25e46ce.awsglobalaccelerator.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
text/event-stream
Cache-Control
no-cache
Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
ld-region
eu-west-1
access-control-max-age
300
access-control-allow-methods
GET,OPTIONS
content-type
text/event-stream; charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
strict-transport-security
max-age=31536000
accept-ranges
bytes
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,Cache-Control,X-Requested-With,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Wrapper
styles__ltr.css
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 17C7 		51 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 14:46:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
10739
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
24237
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/css
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 27 May 2023 14:46:20 GMT
recaptcha__de.js
www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/ Frame 17C7 		365 KB
144 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/recaptcha__de.js
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
195fc406dbdbe81846387873a37f88b81514ddedd3877b59e1a4615e90b18173
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:04:26 GMT
content-encoding
gzip
x-content-type-options
nosniff
age
2453
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
147703
x-xss-protection
0
last-modified
Mon, 16 May 2022 04:03:20 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
vary
Accept-Encoding
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
expires
Sat, 27 May 2023 17:04:26 GMT
3993-fc5a132ebeed3c12.js
www.biltrewards.com/_next/static/chunks/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/3993-fc5a132ebeed3c12.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
6cdcb3816fc3de3d3224300d1939002a7566457f9dcb84fd7f9c4cd41595539d
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
7561100
content-disposition
inline; filename="3993-fc5a132ebeed3c12.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/3993-fc5a132ebeed3c12.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::q4nsd-1653673519591-73c4d125caca
etag
W/"6cdcb3816fc3de3d3224300d1939002a7566457f9dcb84fd7f9c4cd41595539d"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
5668-8fc76425d3a2b0a8.js
www.biltrewards.com/_next/static/chunks/ 		12 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/5668-8fc76425d3a2b0a8.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
bdcd3889abcea77e320b4693680dedd72fe04d1f8a4f91f48ad95ad4d867fa5c
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
x-content-type-options
nosniff
age
42448
content-disposition
inline; filename="5668-8fc76425d3a2b0a8.js"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
cache-control
public,max-age=31536000,immutable
x-matched-path
/_next/static/chunks/5668-8fc76425d3a2b0a8.js
x-vercel-cache
HIT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
via
1.1 google
x-vercel-id
fra1:fra1::k4v9d-1653673519591-e4be0265c78c
etag
W/"bdcd3889abcea77e320b4693680dedd72fe04d1f8a4f91f48ad95ad4d867fa5c"
content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
editorial-b0f803456db37433.js
www.biltrewards.com/_next/static/chunks/pages/ 		467 B
516 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.biltrewards.com/_next/static/chunks/pages/editorial-b0f803456db37433.js
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.117.79.164 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
164.79.117.34.bc.googleusercontent.com
Software
Vercel /
Resource Hash
00ee7e7e10f2f58303652f62b82f450f4279a6c7c8ef8cc53bb35a16b7e61234
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
via
1.1 google
x-content-type-options
nosniff
age
36957
content-disposition
inline; filename="editorial-b0f803456db37433.js"
x-vercel-cache
HIT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
467
x-xss-protection
1; mode=block
access-control-allow-origin
*
referrer-policy
origin
server
Vercel
x-matched-path
/_next/static/chunks/pages/editorial-b0f803456db37433.js
date
Fri, 27 May 2022 17:45:19 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
content-type
application/javascript; charset=utf-8
x-vercel-id
fra1:fra1::fnzqt-1653673519591-b75429e468f8
cache-control
public,max-age=31536000,immutable
etag
W/"00ee7e7e10f2f58303652f62b82f450f4279a6c7c8ef8cc53bb35a16b7e61234"
accept-ranges
bytes
logo_48.png
www.gstatic.com/recaptcha/api2/ Frame 17C7 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.gstatic.com/recaptcha/api2/logo_48.png
Requested by
Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:828::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.gstatic.com/recaptcha/releases/M-QqaF9xk6BpjLH22uHZRhXt/styles__ltr.css
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 26 May 2022 19:40:09 GMT
x-content-type-options
nosniff
age
79510
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2228
x-xss-protection
0
last-modified
Tue, 03 Mar 2020 20:15:00 GMT
server
sffe
cross-origin-opener-policy
same-origin-allow-popups; report-to="recaptcha"
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
image/png
cache-control
public, max-age=604800
accept-ranges
bytes
expires
Thu, 02 Jun 2022 19:40:09 GMT
KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 17C7 		15 KB
16 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxK.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 11:18:05 GMT
x-content-type-options
nosniff
age
282434
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15344
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:32:55 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 24 May 2023 11:18:05 GMT
KFOlCnqEu92Fr1MmEU9fBBc4.woff2
fonts.gstatic.com/s/roboto/v18/ Frame 17C7 		15 KB
15 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc4.woff2
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://www.google.com/
Origin
https://www.google.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 24 May 2022 18:59:48 GMT
x-content-type-options
nosniff
age
254731
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
15552
x-xss-protection
0
last-modified
Mon, 16 Oct 2017 17:33:02 GMT
server
sffe
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to="apps-themes"
expires
Wed, 24 May 2023 18:59:48 GMT
webworker.js
www.google.com/recaptcha/enterprise/ Frame 17C7 		102 B
134 B 		Other
General
Check archive.org
Download Go to
Full URL
https://www.google.com/recaptcha/enterprise/webworker.js?hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt
Requested by
Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
GSE /
Resource Hash
7127d15642f8979cf58784f91d487e77a81cd8e1db0e8547cb683f62829ad7d0
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcKpRQfAAAAAEYX2kuanX2yrmLTgQ8Sijoswe5Z&co=aHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tOjQ0Mw..&hl=de&v=M-QqaF9xk6BpjLH22uHZRhXt&size=invisible&cb=zag3qcdqcanf
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
GSE
cross-origin-embedder-policy
require-corp
x-frame-options
SAMEORIGIN
report-to
{"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=300
content-security-policy
frame-ancestors 'self'
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
112
x-xss-protection
1; mode=block
expires
Fri, 27 May 2022 17:45:19 GMT
web-widget-framework-eabd657b877df2903006.js
static.zdassets.com/web_widget/latest/ Frame 73F3 		213 KB
71 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=efeeee0d-dd1d-434e-863e-08a4f147cdc5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e1985dfbdee650a5848bb31b34e13fddf467050a6c1f35f8fc60bdebc502d082
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133579
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
VBMW8RSJ5F4PS038
x-amz-id-2
2AwbRmd0LKCN+RdsxoIGpR2i/3Bf/DsEfBe2+XfxZXjYMlZgJveOZIKmk9ygKrRos/e9MGahBVE=
last-modified
Thu, 26 May 2022 02:48:25 GMT
server
cloudflare
etag
W/"85242c72013e47c0adc531088e531d07"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=IzHgMudn%2BIB3jzwWFagCSzrWs4DPDxWoXCsF%2B4xC0%2BzhakFaQ6%2FKmpmFyXI7TN9CPrMa5LiRJS7IezTiz9%2F955%2FJknHJmzcFQ6ha7dIj9ICHrED1TlggcZPD16mLbZj%2BSTny1SA%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
5W9ytiY3jf6B1IFCRgiYKNsOx23BLf5O
cf-ray
7120904a6c50693a-FRA
expires
Fri, 26 May 2023 02:48:23 GMT
config
biltrewards.zendesk.com/embeddable/ Frame 73F3 		735 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://biltrewards.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
de8b10915691b7ef810fbf8d0caae729a57fca16672b79a777ec04e72edf068e
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
x-envoy-decorator-operation
embeddable.embeddable.svc.cluster.local:80/*
x-content-type-options
nosniff
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-944bb454f-n578l
x-envoy-upstream-service-time
7
zendesk-api-version
2022-01-01
access-control-allow-methods
GET
content-encoding
br
vary
Origin, Accept-Encoding
x-cached
MISS
x-request-id
7120904b68798fc8-FRA
x-runtime
0.001914
last-modified
Fri, 27 May 2022 13:06:19 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
access-control-max-age
7200
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=PHPRyli4kMgifePmUId2s%2BvWzXOiiqiSG%2BAxMsBXI1EtOf57L62HsjjgHwPCzUnIAWrDOFKiW8%2FKac1JNiHFu7jvPzArakE6Ujm14FuNKqZmntkLGxu3%2FbKxDDAKovLflEtyIp3FQKPj"}],"group":"cf-nel","max_age":604800}
content-type
application/json; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
cf-ray
7120904b68798fc8-FRA
settings
cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/ 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/settings
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c5ab2f14a34d3a717bc57be15e2dd008815c013b07b69c22ca362df5fa93e5c3

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

x-amz-version-id
kMgg0Toy9PGLTiWlsPLv7.CeGTqctAp5
content-encoding
gzip
etag
W/"6d7ffb4d659d47a14f948efe119c2b3a"
age
4039
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Wed, 25 May 2022 01:20:33 GMT
server
AmazonS3
date
Fri, 27 May 2022 16:38:01 GMT
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
via
1.1 6b4954a8411e7b2a232537f8000c5c9c.cloudfront.net (CloudFront)
cache-control
public, max-age=10800
x-amz-cf-pop
FRA50-C1
x-amz-cf-id
EWtsihST5lwnKCuegbhwa7B4WuT2lohM3zVZCz0tYJHhqoGTiCWJGA==
618bdb37dea1430e77a22346
events.launchdarkly.com/events/diagnostic/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/diagnostic/618bdb37dea1430e77a22346
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.173.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-173-19.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://www.biltrewards.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Fri, 27 May 2022 17:45:20 GMT
strict-transport-security
max-age=31536000
618bdb37dea1430e77a22346
events.launchdarkly.com/events/diagnostic/ 		0
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/diagnostic/618bdb37dea1430e77a22346
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.173.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-173-19.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.biltrewards.com/
X-LaunchDarkly-Wrapper
react-client-sdk/2.26.0
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/2.22.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/json

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
strict-transport-security
max-age=31536000
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
vitals
vitals.vercel-insights.com/v1/ 		2 B
133 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://vitals.vercel-insights.com/v1/vitals
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/main-2b92244af99505af.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.170.56.53 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-170-56-53.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Fri, 27 May 2022 17:45:19 GMT
x-ratelimit-reset
25
x-ratelimit-limit
1000
content-length
2
x-ratelimit-remaining
999
content-type
text/plain; charset=utf-8
130.bundle.d084dbba667083833ad9.js
cdn.segment.com/analytics-next/bundles/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/130.bundle.d084dbba667083833ad9.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b6cc91b88a0e4b6ceb9c85e5388d8a52e4983ae06a623c945c539874f59e0931

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Tue, 22 Feb 2022 18:39:32 GMT
content-encoding
br
vary
Accept-Encoding
age
8118348
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Fri, 18 Feb 2022 23:29:32 GMT
server
AmazonS3
etag
W/"df620a8d52b38219b01cc610c8489e6a"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
DxiEFF4r6s6__T2Gs.HIC3YcQ3vwsINF
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
57vs9LSUVbqW76MNTBvWVLB97PxPxvQmQ7kJ1cahLCIw3lmilxC3ag==
ajs-destination.bundle.a6950cf6bd0c8b0b0e97.js
cdn.segment.com/analytics-next/bundles/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.a6950cf6bd0c8b0b0e97.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e4b0f2b2c07d2757458471d62912c553945019206225b2652f3579aafbf9ac77

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 09 May 2022 18:35:40 GMT
content-encoding
br
vary
Accept-Encoding
age
1552180
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Mon, 09 May 2022 18:02:19 GMT
server
AmazonS3
etag
W/"3b6179992bc576a184fbd1ffcea66b7b"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
E93OxZceFEDzCR9rrBdFaeimlXZOMZGj
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
epnjg0k6o49kQ0A6Gs7StbfI5f9_Av3rpYsuTWCjsZumu78KZ2V5Yg==
schemaFilter.bundle.a77eb8c5db3e65045afc.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.a77eb8c5db3e65045afc.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9db738abf713283a38900faec09050ddcf6b4fa8aeafe8565ead1342c5d0f8b9

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 09 May 2022 18:35:41 GMT
content-encoding
br
vary
Accept-Encoding
age
1552179
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
access-control-allow-origin
*
last-modified
Mon, 09 May 2022 18:02:19 GMT
server
AmazonS3
etag
W/"1cf1733f192c28db9bf7e0d3d62599e8"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
KDII9yxV2dEqJGKi49_neIZyu9sVBca9
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
content-type
application/javascript
x-amz-cf-id
HWpbZJk_yt4ARhoiKA3IVbLNG88caOZiCE9zGY1aEiWbJZlN6bxc3A==
fullstory.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/fullstory/3.1.0/fullstory.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a05a3da08992dc27a1fdc7a98434a7f8393f85fa07d2d4fc60a7b008d70bcd3a

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 19 May 2022 02:17:11 GMT
content-encoding
gzip
age
746890
x-cache
Hit from cloudfront
content-length
2169
access-control-allow-origin
*
last-modified
Tue, 17 May 2022 00:03:02 GMT
server
AmazonS3
etag
"d3e47a7eac6a85c7748e3e6a73c930fc"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
X97hJWAUWYaQg7zj5dh4ecxC.tVGV7D4
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
gpqZ2Fdk0GP6jNAi5gMGQCegN-Kx_yWUpqRB4v3YFScM-CBoqLG8fQ==
facebook-pixel.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.4/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.4/facebook-pixel.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0a606f215a29b0916df97dcca69b90e43128fca3bc8f237c3f56d58f4cf800ab

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Thu, 21 Apr 2022 13:26:17 GMT
content-encoding
gzip
age
3125944
x-cache
Hit from cloudfront
content-length
3271
access-control-allow-origin
*
last-modified
Tue, 12 Apr 2022 23:48:25 GMT
server
AmazonS3
etag
"11d09c60390d4846b90b372bd58cf329"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
ByW4Ma2_AASbYqFxZK8dLMvYlA8ZTb1e
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
nhdtIa-zrgtbnpxv6bXsEf7upaiEaDTGdOFIHpP7TM4dGL-wLfCyMw==
adwords.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
9adb21ebeae9f404040dc18be9a48f6ceb2a324874f62ef63fd5567de3b2c20e

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 23 May 2022 02:31:12 GMT
content-encoding
gzip
age
400448
x-cache
Hit from cloudfront
content-length
1357
access-control-allow-origin
*
last-modified
Tue, 17 May 2022 00:03:01 GMT
server
AmazonS3
etag
"93c69e81485e4216c346689c788bee23"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
nRLSjWmKnlOf8AVLCIksZ8J25UfS_uYG
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
3XZaQPvbnPcATA90rJVLdbgBFMAQ3i1Mb-BMlQPgtb4fk8E6_-3a3w==
commons.54701049fd6fb8497e9e.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/1ErkYwybcb0e7wVdFNgEA2tWV7mt2Lpq/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
143.204.103.41 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-143-204-103-41.fra50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Mon, 23 May 2022 20:34:17 GMT
content-encoding
gzip
age
335464
x-cache
Hit from cloudfront
content-length
22174
access-control-allow-origin
*
last-modified
Tue, 17 May 2022 00:03:00 GMT
server
AmazonS3
etag
"7741fd16ad2418cd17ab981f8207b106"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
x-amz-version-id
SbH57kq0iL04.JDZiX5MWfYyPNRXJEVt
via
1.1 58bcd6f2e1bc29fb83f080f1743cfeca.cloudfront.net (CloudFront)
cache-control
public,max-age=31536000,immutable
x-amz-cf-pop
FRA50-C1
accept-ranges
bytes
content-type
application/javascript
x-amz-cf-id
KHgnd3iC-IIQuYgGEpxCPpj2v3XkXmrYZ_9kALxgb-Fmoq4t1ynIuQ==
fs.js
edge.fullstory.com/s/ 		239 KB
72 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
a0402eb6fe1d3c3a771620e36cb7180c8b93490f8d510f10a92907ce1d2bbcd8

Request headers

Referer
https://www.biltrewards.com/
Origin
https://www.biltrewards.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:27:10 GMT
content-encoding
gzip
age
1090
x-guploader-uploadid
ADPycdvO1Z-csFmVCrmrOajArvaYdyO1rLoFXEPYklW4svoe_jJP_F4_aCQb5KuKj3n1HgNOsVX_Sux_18Zgv1ssgzaQ-ZyBCiW4
x-goog-storage-class
MULTI_REGIONAL
x-goog-metageneration
1
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
73105
last-modified
Tue, 24 May 2022 14:48:27 GMT
server
UploadServer
etag
"2649f6099078ce498ff4378012ba5862"
x-goog-hash
crc32c=5bGcnA==, md5=Jkn2CZB4zkmP9DeAErpYYg==
x-goog-generation
1653403707118994
access-control-allow-origin
*
access-control-expose-headers
Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control
public, max-age=3600,no-transform
x-goog-stored-content-length
73105
accept-ranges
bytes
content-type
application/javascript
expires
Fri, 27 May 2022 18:27:10 GMT
fbevents.js
connect.facebook.net/en_US/ 		99 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4a9a6afeba8624295a87efaf0d3c76fa7a55271f310adffcfa683bccacc0fc5d
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
26310
x-xss-protection
0
pragma
public
x-fb-debug
bTXtTic6AONYB1QYrP6FbIHgTrvbEGSnQLndyWbKKEH/YzSqlb0IZkdM5FiytG942cg/ir69B0OjhNOigK2tow==
x-fb-trip-id
917726464
x-frame-options
DENY
date
Fri, 27 May 2022 17:45:20 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
expires
Sat, 01 Jan 2000 00:00:00 GMT
conversion_async.js
www.googleadservices.com/pagead/ 		39 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.54701049fd6fb8497e9e.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
439bb68e4b99a7037363e3c9671380459a2e0aa1c8276fb1c68823da04608a3d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
14847
x-xss-protection
0
server
cafe
etag
14193202862953550909
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Fri, 27 May 2022 17:45:20 GMT
p
api.segment.io/v1/ 		21 B
177 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.37.21.144 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-37-21-144.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://www.biltrewards.com
date
Fri, 27 May 2022 17:45:20 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
identity.js
connect.facebook.net/signals/plugins/ 		64 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/plugins/identity.js?v=2.9.61
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
5825a682d41932f76e0cb9afa5967e2b7f236a2f9439587bc6d937bc76edf005
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
20656
x-xss-protection
0
pragma
public
x-fb-debug
p90L6UfBUsPob1GL1USKghWLbDhLzIw2a6fimeo85nDDeA0yvSmh0bXzcXopOZorJz3PIFjL3rB5E1Ms6jIdDw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 27 May 2022 17:45:20 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
353467326379958
connect.facebook.net/signals/config/ 		306 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/353467326379958?v=2.9.61&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f02d:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
0840defbc9bf224f9c94704f8fa84c232b7b309f919cb60e20373b36b933ab5b
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400,h3-29=":443"; ma=86400
content-length
88974
x-xss-protection
0
pragma
public
x-fb-debug
Cmy4mRvcVqCDdswGvS5CQU6FT/FhL+oatSqi13hurI1PlcIPi+Jl99RkaR314myWTxzfS8uZFO0HY2Ycoa9B5A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Fri, 27 May 2022 17:45:20 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
page
rs.fullstory.com/rec/ 		52 B
262 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
eb34e22f3710d1b451a51b5e24e01fe848a99a06377b6fcb4f5c358abdb5d155
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://www.biltrewards.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
text/plain

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
via
1.1 google
x-content-type-options
nosniff
content-type
text/plain; charset=utf-8
access-control-allow-origin
https://www.biltrewards.com
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
52
/
www.facebook.com/tr/ 		44 B
297 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=353467326379958&ev=PageView&dl=https%3A%2F%2Fwww.biltrewards.com%2F&rl=&if=false&ts=1653673520190&sw=1600&sh=1200&ud[external_id]=85f1fa521a67a12afe76e9fefc2fc8e7a7a66bca1d03351d54b02b79fe2d5238&v=2.9.61&r=stable&a=seg&ec=0&o=30&fbp=fb.1.1653673520189.1367418498&it=1653673520118&coo=false&dpo=LDU&dpoco=0&dpost=0&rqm=GET
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
44
expires
Fri, 27 May 2022 17:45:20 GMT
/
www.googleadservices.com/pagead/conversion/10874839969/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/10874839969/?random=1653673520382&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
8aef6916ec4334250732e3ab175e6b500e72d93775a5d4cd608f016329a7ae89
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1067
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=1653673520386&cv=9&fst=1653673520386&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&data=path%3D%2F%3Breferrer%3D%3Bsearch%3D%3Btitle%3DBilt%20Rewards%20-%20Earn%20Points%20on%20Rent%3Burl%3Dhttps%3A%2F%2Fwww.biltrewards.com%2F&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80e::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
b73c41daa21e9b4f50cee6d67b7a16c65b292a0925e324ddff82fe6a16a6ce38
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
gzip
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
content-type
text/javascript; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
1058
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/10874839969/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=...
  • https://www.google.com/pagead/1p-conversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_j...
  • https://www.google.de/pagead/1p-conversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_ja...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MA6RYrmxGdy9mLAPwPKZ4AM&random=679657592&resp=GooglemKTybQhCsO&ipr=y&prhg=0
Protocol
H3
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 17:45:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Fri, 27 May 2022 17:45:20 GMT
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-type
image/gif
location
https://www.google.de/pagead/1p-conversion/10874839969/?random=204890957&cv=9&fst=1653673520382&num=1&guid=ON&resp=GooglemKTybQhCsO&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&hn=www.googleadservices.com&async=1&fmt=3&ctc_id=CAIVAgAAAB0CAAAA&ct_cookie_present=false&sscte=1&crd=&is_vtc=1&ocp_id=MA6RYrmxGdy9mLAPwPKZ4AM&random=679657592&resp=GooglemKTybQhCsO&ipr=y&prhg=0
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.com/pagead/1p-user-list/10874839969/ 		42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/pagead/1p-user-list/10874839969/?random=1653673520386&cv=9&fst=1653670800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&data=path%3D%2F%3Breferrer%3D%3Bsearch%3D%3Btitle%3DBilt%20Rewards%20-%20Earn%20Points%20on%20Rent%3Burl%3Dhttps%3A%2F%2Fwww.biltrewards.com%2F&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&async=1&fmt=3&is_vtc=1&random=3940793485&resp=GooglemKTybQhCsO&rmt_tld=0&ipr=y
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a00:1450:4001:827::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 17:45:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-user-list/10874839969/ 		42 B
548 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-user-list/10874839969/?random=1653673520386&cv=9&fst=1653670800000&num=1&guid=ON&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=0&u_java=false&u_nplug=3&u_nmime=4&sendb=1&data=path%3D%2F%3Breferrer%3D%3Bsearch%3D%3Btitle%3DBilt%20Rewards%20-%20Earn%20Points%20on%20Rent%3Burl%3Dhttps%3A%2F%2Fwww.biltrewards.com%2F&frm=0&url=https%3A%2F%2Fwww.biltrewards.com%2F&tiba=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&async=1&fmt=3&is_vtc=1&random=3940793485&resp=GooglemKTybQhCsO&rmt_tld=1&ipr=y
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:803::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 27 May 2022 17:45:20 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-security-policy
script-src 'none'; object-src 'none'
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
web-widget-classic-278a2ee.js
static.zdassets.com/web_widget/latest/classic/ Frame 73F3 		13 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-278a2ee.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d9dac1d5766f52e5b13073c30dcb2dad6d108dafaaf6acc3500063e162e585bd
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133580
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
VBMGVWFKGG48GB53
x-amz-id-2
hYMmouErPrk1HI9raXKBn5c2sAy2FgK2HvZQVSmT2Q+8jCi7H54liGfeH4LhonTEmoqkVVJDVn4=
last-modified
Thu, 26 May 2022 02:48:41 GMT
server
cloudflare
etag
W/"7f4ae715983f3512669faa52e4bead97"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=pwY7sRwVnU3W1u6xT%2B0cRrUasrdvpnKl2hEJCO9KagkQQfUe8%2FAzomkpai5dtoRIMFS0wBq3Vy%2FrwwfvHEg2vId2YjHpkCOsQOzYkvZ1u5%2BzFuiEIVEJRrcbbtRw9t5Q3y94vGw%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
bO.BFqkx28CAmrQAanoUzQ7LwDycZApK
cf-ray
7120904fffa2693a-FRA
expires
Fri, 26 May 2023 02:48:40 GMT
web-widget-1062-278a2ee.js
static.zdassets.com/web_widget/latest/classic/ Frame 73F3 		641 KB
188 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-1062-278a2ee.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-278a2ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
65b6ba48254db607c979d3dce5fe9761e7f98b4ea6b241d7528864e8b016c85a
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133580
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
VBMYYD3849895YPZ
x-amz-id-2
ITolkdLvh/VCxiN120jQDNe/4zRYscc4MJ34GFy+bzCBaxSDgAIxTKILgWvcbpX8HyUgUPBanAI=
last-modified
Thu, 26 May 2022 02:48:41 GMT
server
cloudflare
etag
W/"658030e90c20901289c131f50ab95d6f"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=U4uve1LY5ygoRuaxMXXE3wjQztiu7rqh9hSksNzfhgNf%2BxLN%2BwHzIOOy8uBa2rzvPsm7rPb2L%2BtNJ2h%2BO99rjYO4jqcqoKzaMVnVX9BQ3fZRPYxTlQoJ4drYLA6mLFdlDgC4E08%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
RDaXZnrrhL1Mk3Z86Yq9cuUbUVXQQSNw
cf-ray
712090501805693a-FRA
expires
Fri, 26 May 2023 02:48:40 GMT
web-widget-6090-278a2ee.js
static.zdassets.com/web_widget/latest/classic/ Frame 73F3 		467 KB
105 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-6090-278a2ee.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-278a2ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
439ea1ebd843d4f1a7e297824947c0572200caad2cfc1554c3a54f28df57d2ef
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133580
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
VBMGMQJQE4Q9Z36S
x-amz-id-2
0u/FqahaXpVQJUNIYVJIUdKUQk3Eagxjk2/ulIuWZREEw1GI/ELUosNr29rBgSWtlgKHHsw8Ve8=
last-modified
Thu, 26 May 2022 02:48:41 GMT
server
cloudflare
etag
W/"8f8ffc63a7736ea449dc23bcfda1da7b"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=n7paEnq02PEUMB9e%2Fh6oYYg3LXsO0MuRPVFavuEjuz0Vb30cY8jx93J18Alw5S997lJ9GdJqCCMfDLSQ9RbY6deBV%2BjGgX6PxGTOpcHvNnrsATwccBWGaBJwBSRBoNgTsCwtBdU%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
SBV8BjEgezNbabDjgs3TAKko8p89_jk8
cf-ray
71209050180d693a-FRA
expires
Fri, 26 May 2023 02:48:40 GMT
/
www.facebook.com/tr/ 		44 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=353467326379958&ev=Microdata&dl=https%3A%2F%2Fwww.biltrewards.com%2F&rl=&if=false&ts=1653673520695&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent%22%7D&cd[OpenGraph]=%7B%22og%3Atitle%22%3A%22Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent%22%2C%22og%3Adescription%22%3A%22What%20if%20paying%20rent%20could%20fund%20your%20new%20home%3F%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.biltrewards.com%2Fassets%2Fsharing%2Fsocial-rewards.jpg%22%2C%22og%3Atype%22%3A%22website%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.biltrewards.com%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&ud[external_id]=85f1fa521a67a12afe76e9fefc2fc8e7a7a66bca1d03351d54b02b79fe2d5238&v=2.9.61&r=stable&a=seg&ec=1&o=30&fbp=fb.1.1653673520189.1367418498&it=1653673520118&coo=false&dpo=LDU&dpoco=0&dpost=0&es=automatic&tm=3&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f12d:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://www.biltrewards.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
priority
u=3,i
expires
Fri, 27 May 2022 17:45:20 GMT
embeddable_blip
biltrewards.zendesk.com/ Frame 73F3 		0
359 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://biltrewards.zendesk.com/embeddable_blip?type=analytics&data=eyJhbmFseXRpY3MiOnsidmFsdWUiOnsicmF3Q2xpZW50TG9jYWxlIjoiZW4tVVMiLCJyYXdTZXJ2ZXJMb2NhbGUiOiJkZS1ERSIsImNsaWVudExvY2FsZSI6ImVuLXVzIiwic2VydmVyTG9jYWxlIjoiZGUtZGUiLCJ1c2VyQWdlbnQiOiJNb3ppbGxhLzUuMCAoV2luZG93cyBOVCAxMC4wOyBXaW42NDsgeDY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTAyLjAuNTAwNS42MSBTYWZhcmkvNTM3LjM2IiwiaXNNb2JpbGUiOmZhbHNlfSwiYWN0aW9uIjoibG9jYWxlTWlzbWF0Y2giLCJjYXRlZ29yeSI6ImxvY2FsZSJ9LCJidWlkIjoiZGU4Y2NmYzY1MWY1NGQyYmI0ZmMzNWQyNjkwZDlkYTMiLCJzdWlkIjoiNWNmMWQyYWFjMzc2NDE1ZDhhZmE5N2RlNmQ3MTRmNjMiLCJ2ZXJzaW9uIjoiMjc4YTJlZSIsInRpbWVzdGFtcCI6IjIwMjItMDUtMjdUMTc6NDU6MjAuNzc5WiIsInVybCI6Imh0dHBzOi8vd3d3LmJpbHRyZXdhcmRzLmNvbS8ifQ%3D%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
1
zendesk-api-version
2022-01-01
content-length
0
x-zendesk-zorg
yes
x-request-id
3d175df3adac41f1ecdbb9e35e78e5fc
last-modified
Fri, 27 May 2022 17:45:20 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=FaD%2BV9JAwWmB9A28vmViW7PgCR2GgUIKPUqWEfXKAhlFkpPU4T1Je4HymlDRmWsj%2FeNWrgXunLQssoYj%2BZDIW02%2BUxllqaWCRQVtLMOwhh5%2FmBRRoxHkGkteyVpKcOkkRp%2FYhrnFA%2FiB"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
accept-ranges
bytes
cf-ray
71209050e93f8fc8-FRA
embeddable_blip
biltrewards.zendesk.com/ Frame 73F3 		0
290 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://biltrewards.zendesk.com/embeddable_blip?type=settings&data=eyJzZXR0aW5ncyI6eyJ3ZWJXaWRnZXQiOnsiY2hhdCI6eyJtZW51T3B0aW9ucyI6eyJlbWFpbFRyYW5zY3JpcHQiOmZhbHNlfX19fSwiYnVpZCI6ImRlOGNjZmM2NTFmNTRkMmJiNGZjMzVkMjY5MGQ5ZGEzIiwic3VpZCI6IjVjZjFkMmFhYzM3NjQxNWQ4YWZhOTdkZTZkNzE0ZjYzIiwidmVyc2lvbiI6IjI3OGEyZWUiLCJ0aW1lc3RhbXAiOiIyMDIyLTA1LTI3VDE3OjQ1OjIwLjc4N1oiLCJ1cmwiOiJodHRwczovL3d3dy5iaWx0cmV3YXJkcy5jb20vIn0%3D
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:21 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
0
zendesk-api-version
2022-01-01
content-length
0
x-zendesk-zorg
yes
x-request-id
ecbd0cd107821c71cad34585c94b1a22
last-modified
Fri, 27 May 2022 17:45:21 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sbT82kYObMePiOTzcxI4IyoS%2F3C7CMHrs6c1u5oTGBlLtnqKUWWCb9aS2cayf9G%2FHv1bZlTc2p7fI%2BIOpnc6A0tS%2FWbfZvszYx005240VGL3EwRLl%2BO0EUv28Vd%2BGdwN3jjoVgNPYtc4"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
accept-ranges
bytes
cf-ray
71209050f9578fc8-FRA
de-de-json-278a2ee.js
static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/ Frame 73F3 		27 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-locales/classic/de-de-json-278a2ee.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-278a2ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
68044eaef1841a02213086348bf81a382b3bee100aa54c7369c947da239a0357
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133579
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
VBMTZPX8509013F2
x-amz-id-2
NG4IZL1eWAx0hYUKXkY3lDvVxKsHps5wQJdWZOVx52pwnBaF+B3j5KPtlFJhG7x7MXQQco2/KAc=
last-modified
Thu, 26 May 2022 02:48:41 GMT
server
cloudflare
etag
W/"dee0c6a89a545cab72e7f62ab96b94c6"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ex%2FTtoiqFkomH9CIQtbGPg39TyC%2FgZ%2Fw%2B5TYlA35OIxTZo7xxCDny7uWoU9qc1ZZWq18IBII%2BohZeFe66TYJxDtyXzK0v6glQ6lvPM8C%2F3POFdzBn9osD%2B9csctxtI6pRSHxINM%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
tFNYKfmREIWeFLa32pEVtDlkWNkhxa6Q
cf-ray
71209050f9c2693a-FRA
expires
Fri, 26 May 2023 02:48:40 GMT
web-widget-chat-sdk-278a2ee.js
static.zdassets.com/web_widget/latest/classic/ Frame 73F3 		202 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-chat-sdk-278a2ee.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-278a2ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1f7130e94cf3853f7b0162f8c04e50272027c223522be2a48a2de32b0b5bdbac
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:20 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133579
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
96Z5GT106CKCXNN4
x-amz-id-2
nByGsip3pMRsbA6NyWc9qKX3vXHE+E/7xIV9hnWBIlMPUb/r+Fy4aCC0RMIOc3ax4h3aJSZXRd0=
last-modified
Thu, 26 May 2022 02:48:41 GMT
server
cloudflare
etag
W/"4ad6bf28cc550bcae204bad1cfbe13bf"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=hIL2P4Uef%2BzuKRcEeA%2BuiB29XdsLOcxfczMEMV12USgNPzQ9mM1GN%2FqAKcyS1OCFt8EsUrTGYsSqVwJFaW5DNgdPYEZgICDBneK%2FMN36td0gT2Nk%2BLPOoBUaoBmqKaOswUCzHb8%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
zpgeZS_b7HGe2DnqmsNPFsgNOcRW2.ZM
cf-ray
712090512a26693a-FRA
expires
Fri, 26 May 2023 02:48:40 GMT
embeddable_blip
biltrewards.zendesk.com/ Frame 73F3 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://biltrewards.zendesk.com/embeddable_blip?type=pageView&data=eyJjaGFubmVsIjoid2ViX3dpZGdldCIsInBhZ2VWaWV3Ijp7InRpbWUiOjU4LCJsb2FkVGltZSI6MzMuNzAwMDAwNzYyOTM5NDUsIm5hdmlnYXRvckxhbmd1YWdlIjoiZW4tVVMiLCJwYWdlVGl0bGUiOiJCaWx0IFJld2FyZHMgLSBFYXJuIFBvaW50cyBvbiBSZW50IiwidXNlckFnZW50IjoiTW96aWxsYS81LjAgKFdpbmRvd3MgTlQgMTAuMDsgV2luNjQ7IHg2NCkgQXBwbGVXZWJLaXQvNTM3LjM2IChLSFRNTCwgbGlrZSBHZWNrbykgQ2hyb21lLzEwMi4wLjUwMDUuNjEgU2FmYXJpLzUzNy4zNiIsImlzTW9iaWxlIjpmYWxzZSwiaXNSZXNwb25zaXZlIjp0cnVlLCJ2aWV3cG9ydE1ldGEiOiJpbml0aWFsLXNjYWxlPTEuMCwgd2lkdGg9ZGV2aWNlLXdpZHRoIiwiaGVscENlbnRlckRlZHVwIjpmYWxzZSwicmVmZXJyZXIiOiJodHRwczovL3d3dy5iaWx0cmV3YXJkcy5jb20vIn0sImJ1aWQiOiJkZThjY2ZjNjUxZjU0ZDJiYjRmYzM1ZDI2OTBkOWRhMyIsInN1aWQiOiI1Y2YxZDJhYWMzNzY0MTVkOGFmYTk3ZGU2ZDcxNGY2MyIsInZlcnNpb24iOiIyNzhhMmVlIiwidGltZXN0YW1wIjoiMjAyMi0wNS0yN1QxNzo0NToyMC44MzdaIiwidXJsIjoiaHR0cHM6Ly93d3cuYmlsdHJld2FyZHMuY29tLyJ9
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/web-widget-framework-eabd657b877df2903006.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:21 GMT
x-content-type-options
nosniff
cf-cache-status
MISS
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-envoy-upstream-service-time
1
zendesk-api-version
2022-01-01
content-length
0
x-zendesk-zorg
yes
x-request-id
6da59d9c54c1717249e4efbd6976a50b
last-modified
Fri, 27 May 2022 17:45:21 GMT
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=Ev70AcxiJapuoXj%2Fgoq%2F2Jh5AzhDqA3hszi9v1shHOmxHHmYl6Ek58BfdZ0nyPegUkBtkmERBi762CK0ESMkAaGWVcHpZh9OGmdNanCd0NlAJX9XJHJi5kZkD85kFTfXbEsG3rzq37%2BX"}],"group":"cf-nel","max_age":604800}
access-control-allow-origin
*
accept-ranges
bytes
cf-ray
7120905149c08fc8-FRA
618bdb37dea1430e77a22346
events.launchdarkly.com/events/bulk/ 		0
344 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/618bdb37dea1430e77a22346
Requested by
Host: www.biltrewards.com
URL: https://www.biltrewards.com/_next/static/chunks/6023.3ee300b5fade629e.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.173.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-173-19.compute-1.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

X-LaunchDarkly-Payload-ID
c7f866f0-dde4-11ec-80b5-233058123e62
X-LaunchDarkly-Event-Schema
3
accept-language
de-DE,de;q=0.9
X-LaunchDarkly-User-Agent
JSClient/2.22.1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36
Content-Type
application/json
Referer
https://www.biltrewards.com/
X-LaunchDarkly-Wrapper
react-client-sdk/2.26.0

Response headers

date
Fri, 27 May 2022 17:45:22 GMT
access-control-max-age
300
access-control-allow-methods
POST,OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
Date
strict-transport-security
max-age=31536000
access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
content-length
0
618bdb37dea1430e77a22346
events.launchdarkly.com/events/bulk/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://events.launchdarkly.com/events/bulk/618bdb37dea1430e77a22346
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.72.173.19 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-72-173-19.compute-1.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,x-launchdarkly-event-schema,x-launchdarkly-payload-id,x-launchdarkly-user-agent,x-launchdarkly-wrapper
Access-Control-Request-Method
POST
Origin
https://www.biltrewards.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

access-control-allow-headers
Accept,Content-Type,Content-Length,Accept-Encoding,X-LaunchDarkly-Event-Schema,X-LaunchDarkly-User-Agent,X-LaunchDarkly-Payload-ID,X-LaunchDarkly-Wrapper,X-LaunchDarkly-Tags
access-control-allow-methods
POST,OPTIONS
access-control-allow-origin
*
access-control-expose-headers
Date
access-control-max-age
300
date
Fri, 27 May 2022 17:45:21 GMT
strict-transport-security
max-age=31536000
web-widget-chat-incoming-message-notification-278a2ee.js
static.zdassets.com/web_widget/latest/classic/ Frame 73F3 		208 B
632 B 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/latest/classic/web-widget-chat-incoming-message-notification-278a2ee.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/latest/classic/web-widget-classic-278a2ee.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/102.0.5005.61 Safari/537.36

Response headers

date
Fri, 27 May 2022 17:45:23 GMT
content-encoding
br
vary
Accept-Encoding
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
age
133582
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-request-id
96ZCRHQ1TPS9N3R9
x-amz-id-2
Qorehq/84jImn7jqc7jy6DBdil5pCU0Y6oErXhRho6eNLPPbw6ao0AdrRQ8YiZxFMB0RO9Xfd+8=
last-modified
Thu, 26 May 2022 02:48:41 GMT
server
cloudflare
etag
W/"659635f5ad1b6653645380f46aa42236"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=0
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=sgczKcfRDa7NeIRXCOVkRD3VXTNRwRWWndiwAMDi1Sl0%2Bynrxj7QIrOKcW%2FAnwMpcN0iX59lkDzJkuzRaiO5xpVF8F0VLmroyd9AFD3rF7xEBY63moHKIwSgBP2OlAhasIYpfrQ%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
x-amz-version-id
xbxmXbdcSkbHunxtz14LDoIKga1l7MUf
cf-ray
7120905f6975693a-FRA
expires
Fri, 26 May 2023 02:48:40 GMT

Verdicts & Comments Add Verdict or Comment

83 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails object| navigation object| webpackChunk_N_E object| regeneratorRuntime object| next object| __NEXT_DATA__ function| __SSG_MANIFEST_CB object| __NEXT_P object| _N_E object| SENTRY_RELEASE function| _ function| __NEXT_PRELOADREADY object| analytics object| dataLayer boolean| _fs_is_outer_script object| zESettings function| __BUILD_MANIFEST_CB function| __MIDDLEWARE_MANIFEST_CB object| __BUILD_MANIFEST object| __SSG_MANIFEST object| __MIDDLEWARE_MANIFEST function| a0_0x1e8b function| a0_0x1b97 object| webpackChunkseon_javascript_sdk object| seon object| __SENTRY__ object| ___grecaptcha_cfg object| grecaptcha string| __recaptcha_api boolean| __google_recaptcha_client object| zEWebpackACJsonp function| zE function| zEmbed object| Plaid object| webpackJsonpPlaid object| seonModernizr object| google_tag_manager object| OktaAuthPolyfill object| recaptcha object| closure_lm_740091 function| onYouTubeIframeAPIReady object| google_tag_data object| gaGlobal boolean| zEACLoaded object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| AnalyticsNext object| fullstoryDeps function| fullstoryLoader object| facebook-pixelDeps function| facebook-pixelLoader object| adwordsDeps function| adwordsLoader object| webpackJsonp_name_Integration function| setImmediate function| clearImmediate function| fullstoryIntegration boolean| _fs_debug string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS function| facebook-pixelIntegration function| _fbq function| fbq function| adwordsIntegration string| _fs_loaded function| _fs_shutdown function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO function| $zopim

8 Cookies

Domain/Path Name / Value
.wellsfargoemail.com/ Name: cm.Bij9xFB8IXCZB96lqFN0N0vwdDhbiltrew
Value: 1653673518
.biltrewards.com/ Name: _ga_HVS9TCS30Z
Value: GS1.1.1653673519.1.0.1653673519.0
.biltrewards.com/ Name: _ga
Value: GA1.1.828337614.1653673520
.biltrewards.com/ Name: ajs_anonymous_id
Value: 474e6547-1f54-4626-9d58-0a8861f455cf
.biltrewards.com/ Name: _fbp
Value: fb.1.1653673520189.1367418498
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
widget-mediator.zopim.com/ Name: AWSALBCORS
Value: f8NrcPWyx9S+e35tXbFGCXCsYTDbP8g6GJ5sfPEUt8hUkFnd+rCf4HZVrKmAdKV7KXN1cc+V8JoiJ/NrwUEwtudY76FOloY8nz0E6R3y9W/6+cfxmxZ46wf0G2y3
.biltrewards.com/ Name: __zlcmid
Value: 1ABkxNrpZdXRMah

6 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/gtag/js?id=G-HVS9TCS30Z&l=dataLayer&cx=c(Line 49)
Message:
Refused to connect to 'https://www.google-analytics.com/g/collect?v=2&tid=G-HVS9TCS30Z&gtm=2oe5p1&_p=2067880505&_z=ccd.tdB&cid=828337614.1653673520&ul=en-us&sr=1600x1200&_s=1&sid=1653673519&sct=1&seg=0&dl=https%3A%2F%2Fwww.biltrewards.com%2F&dt=Bilt%20Rewards%20-%20Earn%20Points%20on%20Rent&en=page_view&_fv=1&_nsi=1&_ss=1' because it violates the following Content Security Policy directive: "connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com".
security error URL: about:blank
Message:
Refused to load media from 'https://static.zdassets.com/web_widget/latest/classic/fda6cd35495c75f83508d9d2e77ee33d.mp3' because it violates the following Content Security Policy directive: "media-src www.datocms-assets.com".
javascript warning URL: https://www.biltrewards.com/
Message:
The resource https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-J.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.biltrewards.com/
Message:
The resource https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-Z.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.biltrewards.com/
Message:
The resource https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-Q.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.
javascript warning URL: https://www.biltrewards.com/
Message:
The resource https://www.biltrewards.com/assets/page-components/page-rewards/letters/char-B.png was preloaded using link preload but not used within a few seconds from the window's load event. Please make sure it has an appropriate `as` value and it is preloaded intentionally.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; child-src 'self'; connect-src 'self' ws: *.biltcard.com *.biltrewards.com *.deviceinfresolver.com *.facebook.com *.launchdarkly.com *.segment.io *.sentry.io *.smooch.io *.zdassets.com biltrewards.zendesk.com cdn.plaid.com cdn.segment.com js.verygoodvault.com js3.verygoodvault.com rs.fullstory.com vgs-collect-keeper.apps.verygood.systems vitals.vercel-insights.com; default-src 'self' cdn.plaid.com www.google.com www.gstatic.com; frame-src 'self' *.biltrewards.com *.doubleclick.net cdn.plaid.com js.verygoodvault.com js3.verygoodvault.com www.google.com www.googletagmanager.com; img-src 'self' data: https:; media-src www.datocms-assets.com; object-src 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' *.doubleclick.net *.fullstory.com *.oktacdn.com api.smooch.io cdn.deviceinf.com cdn.plaid.com cdn.segment.com cdnjs.cloudflare.com connect.facebook.net fullstory.com js.verygoodvault.com static.zdassets.com www.google.com www.googleadservices.com www.gstatic.com www.googletagmanager.com; style-src 'self' 'unsafe-inline';
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.segment.io
app.launchdarkly.com
biltrewards.zendesk.com
cdn.deviceinf.com
cdn.plaid.com
cdn.segment.com
clientstream.launchdarkly.com
connect.facebook.net
connect.wellsfargoemail.com
edge.fullstory.com
ekr.zdassets.com
events.launchdarkly.com
fonts.gstatic.com
global.oktacdn.com
googleads.g.doubleclick.net
o441793.ingest.sentry.io
rs.fullstory.com
static.zdassets.com
vitals.vercel-insights.com
www.biltrewards.com
www.facebook.com
www.google.com
www.google.de
www.googleadservices.com
www.googletagmanager.com
www.gstatic.com
104.16.53.111
104.18.72.113
13.248.151.210
142.250.185.66
143.204.103.41
143.204.98.23
143.204.98.80
143.204.98.86
151.101.194.217
2a00:1450:4001:803::2003
2a00:1450:4001:80e::2002
2a00:1450:4001:80e::2008
2a00:1450:4001:80f::2003
2a00:1450:4001:827::2004
2a00:1450:4001:828::2003
2a03:2880:f02d:100:face:b00c:0:3
2a03:2880:f12d:181:face:b00c:0:25de
34.117.79.164
34.120.195.249
35.186.194.58
35.201.112.186
52.37.21.144
52.72.173.19
54.170.56.53
67.134.222.209
003ec990945c225e708f129189e2a29c69f32c713ef41c0d8896fe64b4c70e06
00ee7e7e10f2f58303652f62b82f450f4279a6c7c8ef8cc53bb35a16b7e61234
017178dcf5d21c00839ecff3640db41191e92b0fe8a2a31cfec5fde93fb087be
05e2a8300b64a2b58bf384cdc6f16463d2a2026dde3fa001f2652db853138d2e
06173114f8547f922ebce6cbda216ecb02989aac0d0f21cd3f3a0f1191b312bd
077104364eb0971401d264dce42cceeaf00f562ce5c389eb4e4ab238f737ec8a
07e9810ecf8bf51b42ef9841b947b920ee45185f016f5564b5bfd6f3e4d5ab97
0840defbc9bf224f9c94704f8fa84c232b7b309f919cb60e20373b36b933ab5b
0a606f215a29b0916df97dcca69b90e43128fca3bc8f237c3f56d58f4cf800ab
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1375c9fc7d3b6fe1327308bb3b4dc4a0465d6783a2e6f0a08cce94f63330bb79
14782634390cb6ea99c6b7cb06bb4a3a810d7ac397d1748f957a259a99474a16
1508490e2a7f3949d866ce8f032895224c55a02eb24f9ada50c7cb79a4c887c8
195fc406dbdbe81846387873a37f88b81514ddedd3877b59e1a4615e90b18173
1b9efb22c938500971aac2b2130a475fa23684dd69e43103894968df83145b8a
1f7130e94cf3853f7b0162f8c04e50272027c223522be2a48a2de32b0b5bdbac
20a7f63d08f71cfa4b213061dbad6bfa9dd5337ec008d318a3f74fd84f027572
2193fe1e9bca2fcc0e97d7bd773fbaa3bdea0c15c75675482258fc4488dc3779
24c7a9996ad18412ef673399d6091bae57597dffb1fd66b646f16721497bb756
2617b0a64564899ba3b821f79c20ff44d44ede8c228fa9b4004da45e12735a10
26927b5f910af51b9cac9fb5b756ea5c27a8237300a305d65fa86b6d90473e03
27a37040cd516d498c7c287b9b84b0a2fc2ef7915d92960a5761fc4ac0883d20
2b4ae27b5cbda42a090c2b4bc30dbd0c52f0f30c89abecb74d50fc3261fcc705
2d6455fc2954e6d5c91442e58fee811b6d0f1e093db1974fda7b4ce400ddb9fd
2d94fba7228619dfd414beb0bac8b57e94df3f17907a9c20d04ecf9e072001ac
38d63d51bd498a15784e1c0774cb996136600a59fdd96648949f938895ff40e5
38d81ebdebe55266562823738abaf73753e36a2625845b0d7cc98707cf4edd73
396f52352b802f1581009b85ed7b1b6de498e6874e2befd54a42631e4b8f32b4
3c504074f03c894db4e1c9c323142e87f9227326ea1299af088252b7978e0ecc
3cbfe1c077ba0169a3fb52f9173b184da791852587d1d4f5aac9b6e09e76894e
3d041419318b343e579c28ccff6e0867df60b785c0b5dad6fa0990218aca8771
3e253b66056519aa065b00a453bac37ac5ed8f3e6fe7b542e93a9dcdcc11d0bc
439bb68e4b99a7037363e3c9671380459a2e0aa1c8276fb1c68823da04608a3d
439ea1ebd843d4f1a7e297824947c0572200caad2cfc1554c3a54f28df57d2ef
43af19eff5cc628f7cc09c2019fd07f11e44337b5454ed17ab8a10bfd00398dc
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
44852fe22a924101bfd0a59d234a400863ca0a7602058af8b3a2afb90851183f
4a9a6afeba8624295a87efaf0d3c76fa7a55271f310adffcfa683bccacc0fc5d
4ac51ffc4bca5ed831338ca7656a8446f9dd02fb72c7c70e0440a6cffd8cdf99
4b0bb6d8a058a42f5caa03df8bb35b72fed5a1987f6e10602ceb384ddb10d41a
4ee6dbbb7f5b8dc7e29c106798a7fa5da63ef19e59ba11e2254890284c62e7c4
4f53cda18c2baa0c0354bb5f9a3ecbe5ed12ab4d8e11ba873c2f11161202b945
53be1dac57456d1c758599183b9f5b14c95fe22ea6bc0ee70da5d989ef8a9407
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
56fb1c1f3f3b9490c85f6698e18f19ea3a2ed443ca43db501b465b43482a0a7a
5825a682d41932f76e0cb9afa5967e2b7f236a2f9439587bc6d937bc76edf005
5a5fcdbc50a5de079e6e6542d568f7d7a96a1ca1be1ee2f4cbf0fdb1a0574225
5a8c1e7681318caa29e9f44e8a6e271f6a4067a2703e9916dfd4fe9099241db7
5e65e8004e290b5a96965b9032f949a01bde556451aea27aaaedd4646ba377c7
617e380247c74612246759aaa26f95159c043538dfd9c9c0554cdee3169f304e
62367c69a906d55ff6cacb5b8b3edb8a7a77646ad5634bf7d0c9d5a864102f84
63295c4779fea180f694aaceb655dc2f7838389610d51997ea2ca50881cc09e2
64c7e49c281ac235d174f1e183eeb05a56b5dd97bd5499f2a6320f4657c2d1ec
65b6ba48254db607c979d3dce5fe9761e7f98b4ea6b241d7528864e8b016c85a
6609bd32ab3c76dd22515334496d60ef456a3a0c0dfe4561acb676d7707a7ea7
672950f42176b6f7449e2ea52f227bf075dbbdc1c5810c3ea3db997f618f97fc
68044eaef1841a02213086348bf81a382b3bee100aa54c7369c947da239a0357
6b6e3741da64b258a30bc3b319b26abc9f5071f6a535c50d5720ddfd23fcefd5
6cdcb3816fc3de3d3224300d1939002a7566457f9dcb84fd7f9c4cd41595539d
6e65f53664b79dc2745bb7693e3be591e57bc088552ccf635590eeeef672b468
70d3ee03b81dd8671144ec4457dd3f0a59ad55fb1d17a2bd91a53e17b03afa62
7127d15642f8979cf58784f91d487e77a81cd8e1db0e8547cb683f62829ad7d0
72197b944952d763f50177fc294aa394c60991dfc529e34343a7b9e7542afc7d
7281bc622c3348494d789c1d5ac85c01f3bf4842a5d02c0700508567aed13378
73f5d091c1f3f07eb2f31688d9312e8dc8029ad605036d77bc437fccdd400065
75a28d05fdb8a68702891739e91dbcc63f36486f1a0b267591bd6f273f3160ce
791a519318f021e2fb0f0d242dcb8b2be51a2e32119e0ac6aa9d3b2f29b9cd0e
7ac855056d8c0e0f5e39b1dd47eaa57a0d55a733c0ce91cdda93999dbf8ab518
7eb678d1e8d1866ad3cef9b1bbeadbf2626fa8b5754f5465bb3782593e7fabbc
7fe606288832a08bf522ae87b59526b4aad177ad43ef85fb3476cde34522c88a
80f5e517c749d3478bd6216db7452221a13bf6db6148a4c821e95783f93a20ff
82f12d9b91af1f68ede816d37db668f8684e1ebc99b2bd03d8d7fb505a4a942c
888ae88df52dbf2efd563c8d79b82580bdef5190b7bc2ce6e860408167579d30
8ad6d13fee83b71a4d43a8be8b00b758afb39d6ac6ceb1d301400c4cd1998ae8
8aef6916ec4334250732e3ab175e6b500e72d93775a5d4cd608f016329a7ae89
8b215a3e794574ac7688c0c845b07fc68d98bca0e8393fc6ce86a32a2d203f4d
8bf846c6758f7f66e0000cd2888a9224c8bb7116ec149c999034e71a6c38804e
8d6503099eb499e121308418af58c8981dd9dcddcb158bb5c11b226bc2867f78
8f13392da90da141638d9ce7e7f84a7142b4b2e2cf5f0898927c86e548e1cffc
8fb57e05dd15f57d3b71259e5946ccde124f6c19802a71f3313eb49215055a2f
8fb95c7969fdc3f557910082655914b0409b020e39821b5eea8b074a2c4187b0
9182e5785106498f498602328fe7137d757143fcf66ff2f263ac75f3ca54d7e2
92751b3021e21325c6502131ebecd2a008fe489956e08697d38741f1e5af9134
93b0677eac4ffeac01a74ebb00e4b5851bcb705101304102301b6c09e1fce1c0
942cd06159f3f74a9d783c18842bc13de37f5f8e09c3c9df20ce80a75312cdcf
9741696519f07e328276ea6794b22ae8643e4c963d48097137e583428c3b8612
97418d4ece7755a0187c246ab2cf1855e055d67ca779eb49c45a3363885345df
9784b4e6fa053d66403311ec1ae59678aabde9f8e40627783c594786efda06a2
993bb9be452ded2e791248f9a5a60c8d96d6c2db7cf73a1eb6c7f3a6fd9d1372
999be4194a46c5d65f2f5d4b98c077ef726c3f2f0b105b3060f4fa6aa7639259
9a620893a850e426ddd3522d284a92d039821ea06dddca53ea79b0ec5e2323ee
9adb21ebeae9f404040dc18be9a48f6ceb2a324874f62ef63fd5567de3b2c20e
9b18da3e72e5bb1c131e79ea91331290139aa532fb1eba435dfe6478a370885b
9d581dfdd99698d758f2a64426000c944e0c5bf1462ebac3c47409c66980834f
9db627bc2100de400684a732411c3ab0fb507137fb7054dfa90b898e160d4214
9db738abf713283a38900faec09050ddcf6b4fa8aeafe8565ead1342c5d0f8b9
9dd316606967a03abedcf35c83300f9763241b13a2066f67dabff0573def70e5
9de3a0d4faba063680102ff637bd2b05f60a1fa558b60874a50be9880e3474f6
9fc7c3029252cf20f64f26c4858115a9c4aa62e971840977adc08f99fb33da29
a0402eb6fe1d3c3a771620e36cb7180c8b93490f8d510f10a92907ce1d2bbcd8
a05a3da08992dc27a1fdc7a98434a7f8393f85fa07d2d4fc60a7b008d70bcd3a
a16a2c808cca72b6fab3de1af615d5a8ab1c742defece73669fb29013ef957fc
a40bccb1c0f66459f283126bdbaa3c94e5e1bb11c11e904f364a3e6280c7cbe7
a884921bc536a42098ceb2ca03779fe403e028397750c7cbf27d3d8b4969ead3
aa9cbb9a44d3224aa1966b1da066dc14abedf0f67d4307befd5679698dd2f646
ad1303dc9951f456de277453f930d453afb78be0d40c6e95ec65b219c3715d42
afb2631f475053e09b4f1153c787d2b632d8e07aaacbd64de650fd99efa42836
b02546b57554da630a4827a7755b1f72d22374513f811dc0590ebe942758cbfa
b124b8d5489862f2862e333abeb3d83d7c8342134b98e0c76f730e1d526082cd
b1ef0b7808944a4be929303974900dc183ad461aed901c1a6b486a53575c9e0e
b3145b1cafac206bdd06e995741370b382451f97e4a2b26595739b9016be3538
b4fef596b95896436e92db38806748a6cb864c84d475ceee87001ee0cdcefea9
b5cdaa2a99c02e73f257a4876c7d045d3ddee0e5d9272053e1fc0ed397fce72c
b61fea3d7f849932b01feba2a729e75ea378258978714fb4fd10568baa4104e9
b6cc91b88a0e4b6ceb9c85e5388d8a52e4983ae06a623c945c539874f59e0931
b73c41daa21e9b4f50cee6d67b7a16c65b292a0925e324ddff82fe6a16a6ce38
b86f77256bb25c1d3c54b9abbe62d4da08d57f78df65f10cd496c81b363b1c4d
bbf1cc51396e32d938a1703d7821cc2c7dfc3ae74cf9a982a12274f4d3dbaea0
bdcd3889abcea77e320b4693680dedd72fe04d1f8a4f91f48ad95ad4d867fa5c
beca80824e2e357211cb3c530334e571f84292195ad3b5b76c42b864877f831e
bf7340f5f43011f8b3fa46a4b3131c7612f9786571843f2fb163d3c79da36b16
bff5c0074ba392b4f04642c753dc35fa31b6809fd1619044668fb51de973afd1
c5ab2f14a34d3a717bc57be15e2dd008815c013b07b69c22ca362df5fa93e5c3
c77d7cf308c731e61d1e11dd647209c66c148c1b9f8236eeb1fe4a15a7086bba
cb381b6c654e6c059e2b1decb1648fb741fa8592c2bb3e8f9bdf23ef61da527a
cc6516a7f2ee373787944faca2b086814681696878be8f4198a4fb6d48957a38
ce232ec3e32c79734522045651917b9fc38b0dc093e4fca135cccc100da4e7e1
cf20b62a8aad2bb30ba67126f7f265155657c5d0451a2a7667b71ed04b565953
d22c8b6bb5bf671dce15075d342bfb5cb64950bfb141ebea0f2fc3b2b7b8e1bf
d9dac1d5766f52e5b13073c30dcb2dad6d108dafaaf6acc3500063e162e585bd
dcb004f76d7e2ed45b8215de6027794fe59ad4d5ffbe296a1987b3129c0fe6d2
ddbf33f7ac64d0b5deabafa70289ce46e878e739c2d571b9346f4d3ffa2e3bc1
de5341313a4dc5d982ca50ae4a491e84bc5e80b0f439d87f05fc3973c1b7e59a
de8b10915691b7ef810fbf8d0caae729a57fca16672b79a777ec04e72edf068e
e1985dfbdee650a5848bb31b34e13fddf467050a6c1f35f8fc60bdebc502d082
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4b0f2b2c07d2757458471d62912c553945019206225b2652f3579aafbf9ac77
e5ae2ac981be73fab9bb7bd45b1dec87fd54841c5724b94644802312e54edc7f
e63d6414c684904ae82274009988e00b8fe24869f3d1ebd358b9cfb45eda8095
e79b59c22ca684f9de8a73d41964f0c80ee9ca68713f35c33ad4fccf8cf64ffa
e8e797bb8d2796f47c1098cb4b145b28cb73a4347e50cd86dfa23c550fa13078
eb34e22f3710d1b451a51b5e24e01fe848a99a06377b6fcb4f5c358abdb5d155
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f430745adcf156438359f23e90050594f02806f223767a37d673d64519f49204
f6403996a306c2c571b0167780ac0cd0039f302504e1536ec2fa5e6f95c9abf7
f6d032132eed5aa1a417456f07864c51fe631858b190224cf7d1a50116d15f48