app.emoney.com Open in urlscan Pro
2a02:26f0:480:d::210:f157 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://app.emoney.com/
Effective URL:
https://app.emoney.com/signin?ReturnUrl=%2f
Submission: On August 11 via manual (August 11th 2023, 3:23:25 pm UTC) from US — Scanned from DE

Summary HTTP 38 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 10 IPs in 2 countries across 8 domains to perform 38 HTTP transactions. The main IP is 2a02:26f0:480:d::210:f157, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is app.emoney.com. The Cisco Umbrella rank of the primary domain is 613617.
TLS certificate: Issued by Entrust Certification Authority - L1M on September 20th 2022. Valid for: a year.

This is the only time app.emoney.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 25	2a02:26f0:480... 2a02:26f0:480:d::210:f157	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	2a00:1450:400... 2a00:1450:4001:82f::200a	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:80e::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6810:5614	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:82b::2008	15169 (GOOGLE) (GOOGLE)
1 1	216.235.178.60 216.235.178.60	11609 (ELAVON) (ELAVON)
4	95.101.111.159 95.101.111.159	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
1	152.199.19.160 152.199.19.160	15133 (EDGECAST) (EDGECAST)
1	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2a00:1450:400... 2a00:1450:4001:80e::200e	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
38	10

25 2a02:26f0:480:d::210:f157 (Frankfurt am Main, Germany) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)

app.emoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:82f::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:80e::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

ajax.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6810:5614 (United States)

ASN13335 (CLOUDFLARENET, US)

cdn.jsdelivr.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:82b::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 216.235.178.60 (United States) 1 redirects

ASN11609 (ELAVON, US)

elavonpayments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 95.101.111.159 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a95-101-111-159.deploy.static.akamaitechnologies.com

www.elavonpayments.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.emoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 152.199.19.160 (United States)

ASN15133 (EDGECAST, US)

ajax.aspnetcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:80e::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
28	emoney.com 2 redirects app.emoney.com — Cisco Umbrella Rank: 613617 www.emoney.com	7 MB
3	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 54 region1.google-analytics.com — Cisco Umbrella Rank: 2069	21 KB
2	elavonpayments.com 1 redirects elavonpayments.com — Cisco Umbrella Rank: 960774 www.elavonpayments.com	10 KB
2	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 65	140 KB
2	jsdelivr.net cdn.jsdelivr.net — Cisco Umbrella Rank: 356	50 KB
2	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 67 ajax.googleapis.com — Cisco Umbrella Rank: 392	37 KB
1	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 986	15 KB
1	aspnetcdn.com ajax.aspnetcdn.com — Cisco Umbrella Rank: 2077	30 KB
38	8

	Domain	Requested by
25	app.emoney.com	2 redirects app.emoney.com
3	www.emoney.com	app.emoney.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	www.googletagmanager.com	app.emoney.com www.googletagmanager.com
2	cdn.jsdelivr.net	app.emoney.com
1	region1.google-analytics.com	www.googletagmanager.com
1	maxcdn.bootstrapcdn.com	app.emoney.com
1	ajax.aspnetcdn.com	app.emoney.com
1	www.elavonpayments.com	app.emoney.com
1	elavonpayments.com	1 redirects
1	ajax.googleapis.com	app.emoney.com
1	fonts.googleapis.com	app.emoney.com
38	12

This site contains links to these domains. Also see Links.

Domain
www.emoney.com
elavonpayments.com

Subject Issuer	Validity	Valid
cloud.emoney.com Entrust Certification Authority - L1M	`2022-09-20` - `2023-10-20`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
sni.cloudflaressl.com Cloudflare Inc ECC CA-3	`2023-05-02` - `2024-05-01`	a year	crt.sh
*.google-analytics.com GTS CA 1C3	`2023-07-17` - `2023-10-09`	3 months	crt.sh
*.vo.msecnd.net DigiCert SHA2 Secure Server CA	`2023-05-05` - `2024-04-28`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://app.emoney.com/signin?ReturnUrl=%2f
Frame ID: 77960A95EC275D3A40F87260E4777059
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Sign in to EMoney Enterprise Suite

Page URL History Show full URLs

http://app.emoney.com/ HTTP 301
https://app.emoney.com/ HTTP 302
https://app.emoney.com/signin?ReturnUrl=%2f Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Material Design Lite (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href="[^"]*material(?:\.[\w]+-[\w]+)?(?:\.min)?\.css

AngularJS (JavaScript Frameworks) Expand

Overall confidence: 100%
Detected patterns

\bangular.{0,32}\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtag/js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jsDelivr (CDN) Expand

Overall confidence: 100%
Detected patterns

<link [^>]*?href="?[a-zA-Z]*?:?//cdn\.jsdelivr\.net/
//cdn\.jsdelivr\.net/

Page Statistics

38
Requests

97 %
HTTPS

73 %
IPv6

8
Domains

12
Subdomains

10
IPs

2
Countries

7168 kB
Transfer

12756 kB
Size

8
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.emoney.com/password/forgot
Title: Forgot username / password?

Search URL Search Domain Scan URL

URL: https://www.emoney.com/get-started
Title: Create account

Search URL Search Domain Scan URL

URL: https://www.emoney.com/docs/EMoney_MFA_User_Guide_Elavon.pdf
Title: MFA User Guide

Search URL Search Domain Scan URL

URL: https://elavonpayments.com/privacy-pledge
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://elavonpayments.com/terms-of-use
Title: Terms of Use

Search URL Search Domain Scan URL

URL: https://elavonpayments.com/support/
Title: Support

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://app.emoney.com/ HTTP 301
https://app.emoney.com/ HTTP 302
https://app.emoney.com/signin?ReturnUrl=%2f Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 5

https://elavonpayments.com/Public/Styles/Images/ETS-Logo-small.png HTTP 302
https://www.elavonpayments.com/Public/Styles/Images/ETS-Logo-small.png

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request signin Show response
app.emoney.com/
Redirect Chain

http://app.emoney.com/
https://app.emoney.com/
https://app.emoney.com/signin?ReturnUrl=%2f

19 KB
10 KB

387ms
387ms

Document
text/html

2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d7572e8343e08a7f09307d037ad89943291e83e296cf93477c4dcec4fe5f18f

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: private, max-age=0
content-encoding: gzip
content-length: 6500
content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
content-type: text/html; charset=utf-8
date: Fri, 11 Aug 2023 15:23:18 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
expires: Fri, 11 Aug 2023 15:23:17 GMT
last-modified: Fri, 11 Aug 2023 15:23:17 GMT
nel: {"report_to":"default","max_age":10886400}
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: strict-origin
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
strict-transport-security: max-age=31536000; includeSubDomains; preload
vary: Accept-Encoding
x-aspnetmvc-version: 5.2
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss

Redirect headers

access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
access-control-allow-origin: *
access-control-max-age: 86400
cache-control: private
content-length: 160
content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
content-type: text/html; charset=utf-8
date: Fri, 11 Aug 2023 15:23:17 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
location: https://app.emoney.com/signin?ReturnUrl=%2f
nel: {"report_to":"default","max_age":10886400}
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: strict-origin
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-aspnetmvc-version: 5.2
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss

GET
H2 200 libs
app.emoney.com/styles/ 437 KB
88 KB 606ms
605ms Stylesheet
text/css 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/styles/libs?v=31IrXeQ4a113tL96MsbTsaKJLr_sFrec0okK5LPLXmM1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

f2ae569d38e9bf1d01d21f506756da7da2bdc7ad4d25551a528f4a545af89713

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:18 GMT
nel: {"report_to":"default","max_age":10886400}
content-encoding: gzip
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:18 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/css; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
vary: Accept-Encoding
expires: Sat, 10 Aug 2024 15:23:18 GMT

GET
H2 200 icon
fonts.googleapis.com/ 2 KB
1 KB 139ms
49ms Stylesheet
text/css 2a00:1450:4001:82f::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/icon?family=Material+Icons|Inconsolata

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82f::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

94cdb3ef655b4b9c35086bcd77d02d06eaf9ac5f7816f32bb9f487814ea889e5

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000
date: Fri, 11 Aug 2023 15:23:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Fri, 11 Aug 2023 15:23:18 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Fri, 11 Aug 2023 15:23:18 GMT

GET
H2 200 angular-material.min.css
ajax.googleapis.com/ajax/libs/angular_material/1.2.5/ 317 KB
36 KB 144ms
40ms Stylesheet
text/css 2a00:1450:4001:80e::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.googleapis.com/ajax/libs/angular_material/1.2.5/angular-material.min.css

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

80aa8c41237ce76edc65442721267cf45e6305e0c7456c3ba07c883de876c84b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 04 Aug 2023 17:33:04 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 597014
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/hosted-libraries-pushers
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 36491
x-xss-protection: 0
last-modified: Fri, 27 Jan 2023 21:46:34 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="hosted-libraries-pushers"
vary: Accept-Encoding
report-to: {"group":"hosted-libraries-pushers","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/hosted-libraries-pushers"}]}
content-type: text/css; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=31536000, stale-while-revalidate=2592000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 03 Aug 2024 17:33:04 GMT

GET
H2 200 jquery.hosted-payments.min.css
cdn.jsdelivr.net/gh/etsms/hosted-payments@latest/dist/ 42 KB
8 KB 142ms
47ms Stylesheet
text/css 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/etsms/hosted-payments@latest/dist/jquery.hosted-payments.min.css

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ec2d8b88c65e90968f9b563c65fb2b8e8f8607da04e21dbbd4e955f4ba7791b1

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 38582
x-jsd-version: 5.1.3
content-encoding: br
x-cache: HIT, MISS
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230072-FRA, cache-bma1679-BMA
x-jsd-version-type: version
server: cloudflare
etag: W/"a8d1-gfhknMkYR76nrSHTCcgHsMgr9/Q"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=rMF56rBaABTQbLcAfMjVyYis4yY1C%2F30vIo5YoOZixG6Li7KePGWWnYdHAix5SDQRAttOTy0vH4a5k5weOnZS61x9aMliW90pbydWeEMZM2AGl6Aaauq8tuRKBjwEcQWU3pzz1w8rebQznWAonU%3D"}],"group":"cf-nel","max_age":604800}
content-type: text/css; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7f517a9f2b2a926d-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 180 KB
66 KB 149ms
58ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=UA-118122076-2

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

181ccac6b47c771e21ed7a4618554936ea95f72269a0528af43f0f7726d0ac12

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:18 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66664
x-xss-protection: 0
last-modified: Fri, 11 Aug 2023 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Fri, 11 Aug 2023 15:23:18 GMT

GET
H2

200

ETS-Logo-small.png
www.elavonpayments.com/Public/Styles/Images/
Redirect Chain

https://elavonpayments.com/Public/Styles/Images/ETS-Logo-small.png
https://www.elavonpayments.com/Public/Styles/Images/ETS-Logo-small.png

10 KB
10 KB

277ms
52ms

Image
image/png

95.101.111.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.elavonpayments.com/Public/Styles/Images/ETS-Logo-small.png

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Server

95.101.111.159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a95-101-111-159.deploy.static.akamaitechnologies.com

Software

Resource Hash

6fcca84f1a12c8ba4b2f3ab8d7ba30d7697d38db9876500126c14b90b3d3e5c7

Security Headers

Name	Value
Content-Security-Policy	default-src https: data: 'unsafe-inline' 'unsafe-eval'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1;mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: default-src https: data: 'unsafe-inline' 'unsafe-eval'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
referrer-policy: strict-origin
last-modified: Mon, 27 Sep 2021 10:55:10 GMT
date: Fri, 11 Aug 2023 15:23:19 GMT
etag: "03bea238eb3d71:0"
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31536000
feature-policy: geolocation ; *midi ; *notifications ; *push ; *sync-xhr ; *microphone ; *camera ; *magnetometer ; *gyroscope ; *speaker ; *vibrate ; *fullscreen ; *payment *;
server-timing: cdn-cache; desc=HIT, edge; dur=1, ak_p; desc="1691767399729_35115167_441303389_112_9182_38_0_146";dur=1
accept-ranges: bytes
content-length: 9919
x-xss-protection: 1;mode=block

Redirect headers

Location: https://www.elavonpayments.com/Public/Styles/Images/ETS-Logo-small.png
Server: BigIP
Connection: Keep-Alive
Content-Length: 0

GET
H2 200 jquery-3.4.1.min.js Show response
ajax.aspnetcdn.com/ajax/jQuery/ 86 KB
30 KB 172ms
44ms Script
application/javascript 152.199.19.160
EDGECAST

General

Check archive.org

Show headers Download Go to

Full URL

https://ajax.aspnetcdn.com/ajax/jQuery/jquery-3.4.1.min.js

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

152.199.19.160 , United States, ASN15133 (EDGECAST, US),

Reverse DNS

Software

ECAcc (frc/4CDC) /

Resource Hash

0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:18 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 28570220
x-cache: HIT
content-length: 30737
x-xss-protection: 1; mode=block
last-modified: Thu, 02 May 2019 18:32:11 GMT
server: ECAcc (frc/4CDC)
etag: "808705b151d51:0"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000
accept-ranges: bytes
timing-allow-origin: *

GET
H2 200 bootstrap.min.js Show response
maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/ 50 KB
15 KB 143ms
51ms Script
application/javascript 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/bootstrap/4.1.3/js/bootstrap.min.js

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 718, 718
age: 16538729
cdn-cachedat: 2021-06-08 00:28:56
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:06 GMT
server: cloudflare
cdn-requestpullcode: 200
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 43af1bb699d6f5a1ea32e49c4b884607
timing-allow-origin: *
cdn-requestcountrycode: US
cf-ray: 7f517aa178ae3688-FRA
cdn-requestpullsuccess: True

GET
H2 200 react.production.min.js Show response
www.emoney.com/js/MFA/ 16 KB
7 KB 403ms
155ms Script
application/javascript 95.101.111.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.emoney.com/js/MFA/react.production.min.js
Requested by: Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-159.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: ae6b8d0a0140ba2699f4d14835e7c662ed2b7a2b3762e8ba60e01d68e57fa536

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:19 GMT
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 11:24:00 GMT
etag: "1d9c6c62a527650"
vary: Accept-Encoding
content-type: application/javascript
server-timing: cdn-cache; desc=HIT, edge; dur=107, origin; dur=0, ak_p; desc="1691767398740_35115167_441302561_10697_9168_39_0_219";dur=1
accept-ranges: bytes
content-length: 6509
request-context: appId=cid-v1:57847e62-2f62-410b-97d3-c91058e82db2

GET
H2 200 react-dom.production.min.js Show response
www.emoney.com/js/MFA/ 162 KB
55 KB 529ms
435ms Script
application/javascript 95.101.111.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.emoney.com/js/MFA/react-dom.production.min.js
Requested by: Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-159.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 7d972c4b497910c0945730262ad41ba9f06a09512fb9a3732d824b0f23e1fe8e

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:19 GMT
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 11:24:00 GMT
etag: "1d9c6c62a50ce27"
vary: Accept-Encoding
content-type: application/javascript
server-timing: cdn-cache; desc=HIT, edge; dur=370, origin; dur=0, ak_p; desc="1691767398949_35115167_441302570_37043_10540_39_0_219";dur=1
accept-ranges: bytes
content-length: 55656
request-context: appId=cid-v1:57847e62-2f62-410b-97d3-c91058e82db2

GET
H2 200 babel.min.js Show response
www.emoney.com/js/MFA/ 3 MB
893 KB 505ms
424ms Script
application/javascript 95.101.111.159
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://www.emoney.com/js/MFA/babel.min.js
Requested by: Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 95.101.111.159 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a95-101-111-159.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 801a9d68bb508c833519e5b585c0cf2c718601f8390105a1a1813ebf598d104d

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:19 GMT
content-encoding: gzip
last-modified: Fri, 04 Aug 2023 11:24:00 GMT
etag: "1d9c6c62a62b4b4"
vary: Accept-Encoding
content-type: application/javascript
server-timing: cdn-cache; desc=HIT, edge; dur=364, origin; dur=0, ak_p; desc="1691767398949_35115167_441302569_36449_10585_39_0_182";dur=1
accept-ranges: bytes
content-length: 913670
request-context: appId=cid-v1:57847e62-2f62-410b-97d3-c91058e82db2

GET
H2 200 index.js Show response
app.emoney.com/auth/login/wmf/micro-app-loader/dist/umd/ 3 KB
2 KB 52ms
47ms Script
application/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/auth/login/wmf/micro-app-loader/dist/umd/index.js

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

none / Express

Resource Hash

561becff48f6dbededbef25320b3b8a40dafaae21863a7f192c4f473c84c1fad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 11 Aug 2023 15:23:18 GMT
last-modified: Mon, 24 Jul 2023 04:02:12 GMT
server: none
x-powered-by: Express
etag: W/"aa0-189860fd5a0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
x-envoy-upstream-service-time: 1
accept-ranges: bytes
content-length: 1366
expires: Fri, 11 Aug 2023 15:23:18 GMT

GET
H2 200 frameworks Show response
app.emoney.com/ 896 KB
900 KB 442ms
437ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/frameworks?v=Tpk8rKsKYhuEq_xJuKDG1r8URDSGMq5qkhW5cSZ-MTk1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

85877956b2a80ed28c35ab18271a417adfef088ddfde2237eada8b8b14986636

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 917685
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 angular Show response
app.emoney.com/ 268 KB
271 KB 190ms
185ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/angular?v=JGC8JN1_zmXmqrO20AeNnns17Ti6Bhvy6uzSJGnRxZ01

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

23d60d631b873a1c352efdf4bd861cb217f3a057a0a50b8aba0ab08b450f8e80

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 274646
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:18 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:18 GMT

GET
H2 200 app-modules Show response
app.emoney.com/ 7 KB
10 KB 188ms
183ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-modules?v=_IedUqTrsUwb5c331VFZGTM3UaH0GRAd8DlR8ICV09Q1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d9ca78f94b469d283c08240e62c29bdab27758122113a1daface9082db33d8c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 7210
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:18 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:18 GMT

GET
H2 200 app-router Show response
app.emoney.com/ 27 KB
30 KB 349ms
345ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-router?v=YZnrRXsbptAUYTSBTtDmzVJBjoshiiICioTKsaFNeOI1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0b36ff5bb86ee6c8b5337a029f0941e37a41eac8ed39026ee0c9868d4e45d18b

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 27517
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 jquery Show response
app.emoney.com/ 31 KB
34 KB 451ms
447ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/jquery?v=IdQcHpNRkwy8T2yf6FKA_GKq4i4NOdzJrrShH2erngA1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5685c11d12550b1d15ac68e2ee5c9c5a08d3ab5c12c2b85ff18650e60e3d1948

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 32011
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 bootstrap Show response
app.emoney.com/ 12 KB
15 KB 440ms
435ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/bootstrap?v=XHYAY2g_G1koCW9usLJDseh-ezVjlO_ats-KEb0ki_Y1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

107e77fdb5b5e26f8605fd71f3e5f408a74b52fb167a718417cf33e8756715f7

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 12004
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 wysiwyg Show response
app.emoney.com/ 138 KB
141 KB 195ms
190ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/wysiwyg?v=Yxa6n359bPS_06P4wpWu81jZ5BvKwoSvKzY6QM0GwgI1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

39ef57bdd1a78b4a6fd8d0bd3dc7e365df752f03ec8b1703502991eceacb9da1

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 141261
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:18 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:18 GMT

GET
H2 200 common Show response
app.emoney.com/ 330 KB
333 KB 197ms
193ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/common?v=jMJU1vj9SgVLQxo2jk5_IGjHs7gHy4OEIe_gkRu7Yhg1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

aebe0f9631235a669107d3b82641017e172f6f66fe1f4a8b03312477362528dc

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 337629
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:18 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:18 GMT

GET
H2 200 app-documents Show response
app.emoney.com/ 12 KB
15 KB 359ms
354ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-documents?v=GjtzEUNyxa7KAiSXG9BlGNBUtPf7sWoZFlhmkE8rA4k1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0e51e2ae274571f93780ad8542c6ae6f21046dc29930834cea8fa641fd35f1da

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 11930
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 app-controllers Show response
app.emoney.com/ 355 KB
358 KB 485ms
481ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-controllers?v=tzq7wqodRjI5OgryGlmVEPblS03P3AKbuFGHD8g2l_81

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

29ed7b94494e0e14130183a181dd932f6cf34b859ae79875c2bf24f96c45c2cf

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 363110
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 app-services Show response
app.emoney.com/ 224 KB
227 KB 471ms
467ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-services?v=mX0WYlXjQQ8ngX7LHAzvM5xObtCpkfPn_q0DqE9VrQc1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

5c2e2dfb06f513d9b4397fcb95275e99ab4e85f50610eeffed220a87eb3a53c4

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 229095
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 app-factories Show response
app.emoney.com/ 2 KB
6 KB 447ms
444ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-factories?v=aNG7_XpHefrMzmzonnLLow8WQ3_Ju3lKeYLraWKlcec1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

2bff508b8881286a2c4f9b185a215cfb71ca6e96a60ea3dec07309a0829c81b8

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 2542
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 app-filters Show response
app.emoney.com/ 5 KB
8 KB 453ms
449ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-filters?v=9GYoxn2pdup084FlAk8pfF8ZK1qDTEZqYlYfiIT6heE1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

0dcb3f1e76823e7a7e15db20cf92baa7e25649de2dff759fbae9b08d48db608c

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 4724
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 app-directives Show response
app.emoney.com/ 540 KB
544 KB 488ms
485ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-directives?v=Lq_-6mRAGpJYJ9exSV-lTM9-M8ZEh2Rcn0J5EQnLCDc1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

1e33bbe34cc296e801691c05a60462f9c12e7fecbe60d0189a19e7909ac12d78

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 553035
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 alasql Show response
app.emoney.com/ 2 MB
2 MB 386ms
383ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/alasql?v=53kvqJCkZGPNMvB_YKkj_a8DKjErkZvVGeFD1K93IPg1

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

6213cdc3bc77bb5996998f7193c03ce73142598e19e9bfe4559765764e5871cd

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 2238522
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 app-animations Show response
app.emoney.com/ 103 KB
106 KB 460ms
457ms Script
text/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/app-animations?v=n7k_wmY0A_dHjqK4bUICZ3jRNlakGHawzvd49HpKgW41

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

e4c224a00a0fd4f69b929585db833049189d4043ff3e7b8f6622639fe2336cff

Security Headers

Name	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

content-security-policy: script-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: *.hcaptcha.com giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; form-action 'self' https: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com *.usbank.com *.us.bank-dns.com *.placehold.it *.global.prv *.google-analytics.com *.jsdelivr.net *.rawgit.com *.githubusercontent.com *.google.com *.googleapis.com *.googletagmanager.com *.gstatic.com *.typekit.net *.fontawesome.com *.typekit.net *.azurewebsites.net *.niftyimages.com *.emoney.com *.etsdev.net *.etsms.com *.billpay.io *.etsemoney.com *.elavon.com *.elavonpayments.com; media-src 'self' https: *.usbank.com *.us.bank-dns.com; object-src 'self' https: *.usbank.com *.us.bank-dns.com; frame-ancestors 'self' https: *.usbank.com *.us.bank-dns.com; frame-src 'self' https: *.usbank.com *.us.bank-dns.com *.hcaptcha.com *.google.com; worker-src 'self' https: *.usbank.com *.us.bank-dns.com; base-uri 'self' https: *.usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 15:23:19 GMT
nel: {"report_to":"default","max_age":10886400}
content-length: 105058
x-xss-protection: 1; mode=block; report=https://reports.emoney.com/sh/xss
referrer-policy: strict-origin
last-modified: Fri, 11 Aug 2023 15:23:19 GMT
expect-ct: max-age=604800, report-uri="https://reports.emoney.com/sh/ct"
access-control-max-age: 86400
access-control-allow-methods: GET,PUT,POST,DELETE,OPTIONS,HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
report-to: {"group":"default","max_age":10886400,"endpoints":[{"url":"https://reports.emoney.com/sh/rt"}],"include_subdomains":true}
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
x-frame-options: SAMEORIGIN
access-control-allow-headers: Accept, Accept-Language, Content-Language, X-Requested-With, Accept-Encoding, Cache-Control, Authorization, Content-Type, X-Client-Id, X-Forwarded-Proto, X-Forwarded-For, X-Correlation-ID, CorrelationId, True-Client-IP, X-Api-App-Key, X-Api-Required-PIN-Verification, X-Api-Access-Token, X-Api-Login-Service-Token, X-Api-Auth-Key-Status, X-Api-Route-Permission, X-Api-Access, X-Api-Data-Key, X-Api-Name, X-Forwarded-For, X-Response-Time-Milliseconds, X-Csrf-Token, X-Forwarded-For-Api
expires: Sat, 10 Aug 2024 15:23:19 GMT

GET
H2 200 jquery.hosted-payments.min.js Show response
cdn.jsdelivr.net/gh/etsms/hosted-payments@latest/dist/ 173 KB
42 KB 55ms
52ms Script
application/javascript 2606:4700::6810:5614
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://cdn.jsdelivr.net/gh/etsms/hosted-payments@latest/dist/jquery.hosted-payments.min.js

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/signin?ReturnUrl=%2f

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6810:5614 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a08582f7c4664dfd7a5ed8948fb3465692415851b9c9632fa2e8cf41ae6a15a6

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:18 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age: 38582
x-jsd-version: 5.1.3
content-encoding: br
x-cache: HIT, HIT
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-served-by: cache-fra-eddf8230068-FRA, cache-yyz4527-YYZ
x-jsd-version-type: version
server: cloudflare
etag: W/"2b597-W+vWayxEXpnMzzxa0Sikf9iJJqA"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=TEL1Mh9uMOu57ecPlT6c6speE4UcWxk9iShAX4YLhniicB1Et7%2BFsbJxMn%2B9arijCVkZowSb30TGYgn1H5vB2HfI7edodkr3DtgruulG9x8X02JG%2FG7XImlpclF%2BzNAn28JSIw4EzeU9Gck5OlM%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-expose-headers: *
cache-control: public, max-age=604800, s-maxage=43200
timing-allow-origin: *
cf-ray: 7f517aa2eed8926d-FRA

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 209 KB
75 KB 55ms
54ms Script
application/javascript 2a00:1450:4001:82b::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-323WLYM1PM&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-118122076-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:82b::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

25083e2a99ab53e9804cd22c7f57afa33937387efe0719852a0815038dea0244

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:19 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 76569
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Fri, 11 Aug 2023 15:23:19 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 128ms
39ms Script
text/javascript 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-118122076-2

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Fri, 11 Aug 2023 13:44:23 GMT
last-modified: Mon, 12 Jun 2023 18:23:07 GMT
server: Golfe2
age: 5936
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Fri, 11 Aug 2023 15:44:23 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
253 B 138ms
47ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-323WLYM1PM&gtm=45je3890&_p=1862636955&cid=2068010801.1691767399&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EAAI&_s=1&sid=1691767399&sct=1&seg=0&dl=https%3A%2F%2Fapp.emoney.com%2Fsignin%3FReturnUrl%3D%252f&dt=Sign%20in%20to%20EMoney%20Enterprise%20Suite&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-323WLYM1PM&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

pragma: no-cache
date: Fri, 11 Aug 2023 15:23:19 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://app.emoney.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 1 B
205 B 47ms
46ms XHR
text/plain 2a00:1450:4001:80e::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1862636955&t=pageview&_s=1&dl=https%3A%2F%2Fapp.emoney.com%2Fsignin%3FReturnUrl%3D%252f&ul=en-us&de=UTF-8&dt=Sign%20in%20to%20EMoney%20Enterprise%20Suite&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAUABAAAAACAAI~&jid=206450108&gjid=696407089&cid=2068010801.1691767399&tid=UA-118122076-2&_gid=937057355.1691767399&_r=1&gtm=457e3890&jsscut=1&z=1093825727

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:80e::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://app.emoney.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
Content-Type: text/plain

Response headers

pragma: no-cache
date: Fri, 11 Aug 2023 15:23:19 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://app.emoney.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 1
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 manifest.json Show response
app.emoney.com/auth/login/wmf/latest-custom/ 883 B
2 KB 458ms
458ms Fetch
application/json 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/auth/login/wmf/latest-custom/manifest.json

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/auth/login/wmf/micro-app-loader/dist/umd/index.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

none / Express

Resource Hash

2842561b134510043bb3669a322d19e0d21c2ab0ef1c0d70fc6276ece2d9c45a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
date: Fri, 11 Aug 2023 15:23:21 GMT
last-modified: Mon, 24 Jul 2023 04:01:40 GMT
server: none
x-powered-by: Express
etag: W/"373-189860f58a0"
content-type: application/json; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
x-envoy-upstream-service-time: 1
accept-ranges: bytes
content-length: 883

GET
H2 200 main-8a37bd96c39623e3b548.js Show response
app.emoney.com/auth/login/wmf/latest-custom/ 3 MB
577 KB 157ms
157ms Script
application/javascript 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/auth/login/wmf/latest-custom/main-8a37bd96c39623e3b548.js

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/auth/login/wmf/micro-app-loader/dist/umd/index.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

none / Express

Resource Hash

3dd222590c15587a1f76b43b4b60276f5ad5dfef49f8d92319cfd4f57255f323

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://app.emoney.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains, max-age=31536000; includeSubDomains
content-encoding: gzip
date: Fri, 11 Aug 2023 15:23:21 GMT
last-modified: Mon, 24 Jul 2023 04:01:40 GMT
server: none
x-powered-by: Express
etag: W/"29fa9a-189860f58a0"
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: public, max-age=0
x-envoy-upstream-service-time: 1
accept-ranges: bytes
content-length: 590253
expires: Fri, 11 Aug 2023 15:23:21 GMT

GET
H2 200 config Show response
app.emoney.com/authentication/customer-auth/app-config/v1/ 1 KB
2 KB 369ms
368ms XHR
application/json 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/authentication/customer-auth/app-config/v1/config

Requested by

Host: app.emoney.com
URL: https://app.emoney.com/auth/login/wmf/latest-custom/main-8a37bd96c39623e3b548.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Resource Hash

9d49f781624408a45100e71863550890c53e9082868fc2a090db28f0781bfce3

Security Headers

Name	Value
Content-Security-Policy	default-src 'self';
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Correlation-ID: 90b11694-4189-4560-8fd2-ae5fd505eda3
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36
AK: zQY4pxcYUIiXnZcajNB6I56wDA8E7M3S
Accept: application/json, text/plain, */*
Referer: https://app.emoney.com/
App-ID: ETSCoreServices
Tenant-ID: ELAVON
Channel-ID: emoney_enterprise_web
Interaction-ID: 40ad754b-b5e3-49ab-b094-82e3b636accf
App-Version: 1

Response headers

strict-transport-security: max-age=31536000; includeSubDomains
content-encoding: gzip
correlation-id: 90b11694-4189-4560-8fd2-ae5fd505eda3
content-security-policy: default-src 'self';
date: Fri, 11 Aug 2023 15:23:21 GMT
vary: Accept-Encoding
content-type: application/json
cache-control: no-store
x-envoy-upstream-service-time: 24
content-length: 770

GET
H2 200 HelveticaNeueLTW04-55Roman.woff2
app.emoney.com/common/static/fonts/ 41 KB
42 KB 467ms
466ms Font
application/octet-stream 2a02:26f0:480:d::210:f157
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://app.emoney.com/common/static/fonts/HelveticaNeueLTW04-55Roman.woff2

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2a02:26f0:480:d::210:f157 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

Software

Apache /

Resource Hash

f0d0bf9731f51367f0cafa9b577e7cc77c1532e7c66b27bd51f7c8bb670d05d6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1

Request headers

Referer: https://app.emoney.com/signin?ReturnUrl=%2f
Origin: https://app.emoney.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.170 Safari/537.36

Response headers

date: Fri, 11 Aug 2023 15:23:22 GMT
x-content-type-options: nosniff
last-modified: Tue, 27 Jun 2023 09:34:29 GMT
server: Apache
etag: "a58c-5ff192c79d340"
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
access-control-allow-origin: *
cache-control: max-age=84600
content-disposition: attachment; filename="HelveticaNeueLTW04-55Roman.woff2"
accept-ranges: bytes
content-length: 42380
x-xss-protection: 1

Verdicts & Comments Add Verdict or Comment

140 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

8 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
app.emoney.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: dy2uipr52ymdj1zl4wm4xwvq
.emoney.com/	1970-01-20 23:32:07	Name: _ga_323WLYM1PM Value: GS1.1.1691767399.1.0.1691767399.0.0.0
.emoney.com/	1970-01-20 23:32:07	Name: _ga Value: GA1.2.2068010801.1691767399
.emoney.com/	1970-01-20 13:57:33	Name: _gid Value: GA1.2.937057355.1691767399
.emoney.com/	1970-01-20 13:56:07	Name: _gat_gtag_UA_118122076_2 Value: 1
.emoney.com/	1970-01-20 13:56:14	Name: ak_bmsc Value: 2899420468B3E1A9673C91EE56E97C99~000000000000000000000000000000~YAAQF/AQAi+LMsCJAQAAc+kx5RTmqPWB2H+pJWIejuX7VGE9tmlOSSsKuFG+sov1fk+ONo2fl46lZSqiejMwAdxRCzgiFj0e3Lgvz0vryphAaQDPT5RUWvH0BIgoi4KuQbZQ/HZ5dhf6EuhhkZX3oibt76op4QZMeq2LB7vMdrONCA4CtJ1vIHOkouvubQlRhI4hl/zJd+LKqRNL3LnFHF7VZaFgvtBkD0PbCJx0gjO/3aSXrFFKVGZyh5fqzuPRYUz0Vz4On6MZZcup7+MZeA1o/zLzbKdJ7tmceYZ8JDRMfKcAH8y6mDTWdHj0UXrBXivqMIK2ovhZVHGFbPcTzoRApUl4qOkz1f8cnlRcruRKJDNSgN1NWf96U+vfMYCbzOjhr+FcZxLochP/5U6gy6rMew6d2h1FCXgt
app.emoney.com/	1969-12-31 23:59:59	Name: EXTOLB-CBC Value: !eAom8v4tedbb+GdWnC/5xP+omLRg9YbKEg582yF3eT2171DgXKdsO3lT0ykbVoGSThRYmrF9/lGw+w==
.emoney.com/	1970-01-20 13:56:14	Name: bm_sv Value: A238FFF45F6F9F362A12B4CC1B8AA3D4~YAAQF/AQAl2LMsCJAQAAqe0x5RTsg2n7c+YN7LYviyRYcFniVCplmxmGn6melnoUxNgI2A9dzoOpyg0mm9XNTRRnBbsKl2l1cFFOiCiJWvQmWzL3cRJ8dgYDsFLgHok6yVtYhXGQiPCraOgwg8uga6PmqUoeLNWDGp+rDKnfo0Q+S7bEDDwiL5j7TtQMnn3A4SLEmVhv3Dl7P3pVf+mzT+ae8/vNkrFOgS5rrPc1kiZT18Rhn+ySlhL8Zy1rUfkF~1

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	script-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; style-src 'self' https: .hcaptcha.com giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com 'unsafe-inline' 'unsafe-eval'; connect-src * https: .usbank.com .us.bank-dns.com .hcaptcha.com; manifest-src 'self' https:; font-src 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; form-action 'self' https: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; img-src 'self' https: data: giftcard.golfnow.com .usbank.com .us.bank-dns.com .placehold.it .global.prv .google-analytics.com .jsdelivr.net .rawgit.com .githubusercontent.com .google.com .googleapis.com .googletagmanager.com .gstatic.com .typekit.net .fontawesome.com .typekit.net .azurewebsites.net .niftyimages.com .emoney.com .etsdev.net .etsms.com .billpay.io .etsemoney.com .elavon.com .elavonpayments.com; media-src 'self' https: .usbank.com .us.bank-dns.com; object-src 'self' https: .usbank.com .us.bank-dns.com; frame-ancestors 'self' https: .usbank.com .us.bank-dns.com; frame-src 'self' https: .usbank.com .us.bank-dns.com .hcaptcha.com .google.com; worker-src 'self' https: .usbank.com .us.bank-dns.com; base-uri 'self' https: .usbank.com;upgrade-insecure-requests; report-uri https://reports.emoney.com/sh/csp; report-to default
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block; report=https://reports.emoney.com/sh/xss

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

ajax.aspnetcdn.com
ajax.googleapis.com
app.emoney.com
cdn.jsdelivr.net
elavonpayments.com
fonts.googleapis.com
maxcdn.bootstrapcdn.com
region1.google-analytics.com
www.elavonpayments.com
www.emoney.com
www.google-analytics.com
www.googletagmanager.com
152.199.19.160
2001:4860:4802:34::36
216.235.178.60
2606:4700::6810:5614
2606:4700::6812:acf
2a00:1450:4001:80e::200a
2a00:1450:4001:80e::200e
2a00:1450:4001:82b::2008
2a00:1450:4001:82f::200a
2a02:26f0:480:d::210:f157
95.101.111.159
0925e8ad7bd971391a8b1e98be8e87a6971919eb5b60c196485941c3c1df089a
0b36ff5bb86ee6c8b5337a029f0941e37a41eac8ed39026ee0c9868d4e45d18b
0dcb3f1e76823e7a7e15db20cf92baa7e25649de2dff759fbae9b08d48db608c
0e51e2ae274571f93780ad8542c6ae6f21046dc29930834cea8fa641fd35f1da
107e77fdb5b5e26f8605fd71f3e5f408a74b52fb167a718417cf33e8756715f7
181ccac6b47c771e21ed7a4618554936ea95f72269a0528af43f0f7726d0ac12
1e33bbe34cc296e801691c05a60462f9c12e7fecbe60d0189a19e7909ac12d78
23d60d631b873a1c352efdf4bd861cb217f3a057a0a50b8aba0ab08b450f8e80
25083e2a99ab53e9804cd22c7f57afa33937387efe0719852a0815038dea0244
2842561b134510043bb3669a322d19e0d21c2ab0ef1c0d70fc6276ece2d9c45a
29ed7b94494e0e14130183a181dd932f6cf34b859ae79875c2bf24f96c45c2cf
2bff508b8881286a2c4f9b185a215cfb71ca6e96a60ea3dec07309a0829c81b8
39ef57bdd1a78b4a6fd8d0bd3dc7e365df752f03ec8b1703502991eceacb9da1
3dd222590c15587a1f76b43b4b60276f5ad5dfef49f8d92319cfd4f57255f323
561becff48f6dbededbef25320b3b8a40dafaae21863a7f192c4f473c84c1fad
5685c11d12550b1d15ac68e2ee5c9c5a08d3ab5c12c2b85ff18650e60e3d1948
56c12a125b021d21a69e61d7190cefa168d6c28ce715265cea1b3b0112d169c4
5c2e2dfb06f513d9b4397fcb95275e99ab4e85f50610eeffed220a87eb3a53c4
6213cdc3bc77bb5996998f7193c03ce73142598e19e9bfe4559765764e5871cd
6b86b273ff34fce19d6b804eff5a3f5747ada4eaa22f1d49c01e52ddb7875b4b
6fcca84f1a12c8ba4b2f3ab8d7ba30d7697d38db9876500126c14b90b3d3e5c7
7d972c4b497910c0945730262ad41ba9f06a09512fb9a3732d824b0f23e1fe8e
801a9d68bb508c833519e5b585c0cf2c718601f8390105a1a1813ebf598d104d
80aa8c41237ce76edc65442721267cf45e6305e0c7456c3ba07c883de876c84b
85877956b2a80ed28c35ab18271a417adfef088ddfde2237eada8b8b14986636
94cdb3ef655b4b9c35086bcd77d02d06eaf9ac5f7816f32bb9f487814ea889e5
9d49f781624408a45100e71863550890c53e9082868fc2a090db28f0781bfce3
9d7572e8343e08a7f09307d037ad89943291e83e296cf93477c4dcec4fe5f18f
9d9ca78f94b469d283c08240e62c29bdab27758122113a1daface9082db33d8c
a08582f7c4664dfd7a5ed8948fb3465692415851b9c9632fa2e8cf41ae6a15a6
ae6b8d0a0140ba2699f4d14835e7c662ed2b7a2b3762e8ba60e01d68e57fa536
aebe0f9631235a669107d3b82641017e172f6f66fe1f4a8b03312477362528dc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c224a00a0fd4f69b929585db833049189d4043ff3e7b8f6622639fe2336cff
ec2d8b88c65e90968f9b563c65fb2b8e8f8607da04e21dbbd4e955f4ba7791b1
f0d0bf9731f51367f0cafa9b577e7cc77c1532e7c66b27bd51f7c8bb670d05d6
f2ae569d38e9bf1d01d21f506756da7da2bdc7ad4d25551a528f4a545af89713

app.emoney.com Open in urlscan Pro 2a02:26f0:480:d::210:f157 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

38 Requests

97 %HTTPS

73 %IPv6

8 Domains

12 Subdomains

10 IPs

2 Countries

7168 kBTransfer

12756 kBSize

8 Cookies

6 Outgoing links

Page URL History

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

app.emoney.com Open in urlscan Pro
2a02:26f0:480:d::210:f157 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

97 %
HTTPS

73 %
IPv6

8
Domains

12
Subdomains

10
IPs

2
Countries

7168 kB
Transfer

12756 kB
Size

8
Cookies

38 HTTP transactions
0 data transactions