app.monarchmoney.com Open in urlscan Pro
2606:4700:10::6816:3d79 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://app.monarchmoney.com/
Submission: On August 29 via manual (August 29th 2024, 4:18:51 pm UTC) from US — Scanned from DE

Summary HTTP 135 Redirects Links 2 Behaviour Indicators

Summary

This website contacted 36 IPs in 5 countries across 29 domains to perform 135 HTTP transactions. The main IP is 2606:4700:10::6816:3d79, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.monarchmoney.com. The Cisco Umbrella rank of the primary domain is 290135.
TLS certificate: Issued by WE1 on July 17th 2024. Valid for: 3 months.

This is the only time app.monarchmoney.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
42	2606:4700:10:... 2606:4700:10::6816:3d79	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	54.240.174.7 54.240.174.7	16509 (AMAZON-02) (AMAZON-02)
2	2a04:4e42:400... 2a04:4e42:400::396	54113 (FASTLY) (FASTLY)
1	34.117.162.98 34.117.162.98	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
6	2.18.64.21 2.18.64.21	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	2620:1ec:29:1... 2620:1ec:29:1::44	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	146.75.120.157 146.75.120.157	54113 (FASTLY) (FASTLY)
1	52.222.214.43 52.222.214.43	16509 (AMAZON-02) (AMAZON-02)
1	93.184.221.165 93.184.221.165	15133 (EDGECAST) (EDGECAST)
1	104.244.42.3 104.244.42.3	13414 (TWITTER) (TWITTER)
1	151.101.1.140 151.101.1.140	54113 (FASTLY) (FASTLY)
1	151.101.65.140 151.101.65.140	54113 (FASTLY) (FASTLY)
2	2600:1901:1:7... 2600:1901:1:7c5::	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
5	35.186.247.156 35.186.247.156	15169 (GOOGLE) (GOOGLE)
1	13.32.121.112 13.32.121.112	16509 (AMAZON-02) (AMAZON-02)
4	104.18.70.113 104.18.70.113	13335 (CLOUDFLAR...) (CLOUDFLARENET)
1	2600:9000:223... 2600:9000:223d:1000:9:a6e8:8080:93a1	16509 (AMAZON-02) (AMAZON-02)
1	2a00:1450:400... 2a00:1450:400c:c07::54	15169 (GOOGLE) (GOOGLE)
2 4	142.250.185.100 142.250.185.100	15169 (GOOGLE) (GOOGLE)
1	184.30.208.159 184.30.208.159	16625 (AKAMAI-AS) (AKAMAI-AS)
2	184.24.77.156 184.24.77.156	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
2	151.101.0.176 151.101.0.176	54113 (FASTLY) (FASTLY)
1	2a00:1450:400... 2a00:1450:4001:811::2003	15169 (GOOGLE) (GOOGLE)
3	23.96.124.156 23.96.124.156	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
9	99.86.8.175 99.86.8.175	16509 (AMAZON-02) (AMAZON-02)
1	2600:9000:223... 2600:9000:223d:2000:6:5671:b9c0:93a1	16509 (AMAZON-02) (AMAZON-02)
1	104.16.53.111 104.16.53.111	13335 (CLOUDFLAR...) (CLOUDFLARENET)
2	2600:9000:26e... 2600:9000:26e8:0:d:cf84:bb40:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a00:1450:400... 2a00:1450:4001:813::200e	15169 (GOOGLE) (GOOGLE)
2	157.240.251.9 157.240.251.9	32934 (FACEBOOK) (FACEBOOK)
3	142.250.185.130 142.250.185.130	15169 (GOOGLE) (GOOGLE)
2	2620:1ec:33:1... 2620:1ec:33:1::10	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
2 2	142.250.186.98 142.250.186.98	15169 (GOOGLE) (GOOGLE)
2	142.250.181.227 142.250.181.227	15169 (GOOGLE) (GOOGLE)
2	3.228.185.195 3.228.185.195	14618 (AMAZON-AES) (AMAZON-AES)
1	35.186.224.24 35.186.224.24	15169 (GOOGLE) (GOOGLE)
135	36

42 2606:4700:10::6816:3d79 (United States)

ASN13335 (CLOUDFLARENET, US)

app.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
features.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
api.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
status.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 54.240.174.7 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-54-240-174-7.osl50.r.cloudfront.net

cdn.plaid.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)

www.redditstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 34.117.162.98 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.162.117.34.bc.googleusercontent.com

pixel.byspotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

6 2.18.64.21 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-18-64-21.deploy.static.akamaitechnologies.com

analytics.tiktok.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2620:1ec:29:1::44 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)

static.ads-twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 52.222.214.43 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-52-222-214-43.fra56.r.cloudfront.net

cdn.userleap.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 93.184.221.165 (London, United Kingdom)

ASN15133 (EDGECAST, US)

t.co	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.244.42.3 (United States)

ASN13414 (TWITTER, US)

analytics.twitter.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.1.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

pixel-config.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 151.101.65.140 (San Francisco, United States)

ASN54113 (FASTLY, US)

alb.reddit.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:1901:1:7c5:: (United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)

pixels.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 13.32.121.112 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-121-112.fra60.r.cloudfront.net

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)

static.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
ekr.zdassets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:1000:9:a6e8:8080:93a1 (United States)

ASN16509 (AMAZON-02, US)

events-cdn.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:400c:c07::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)

accounts.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 142.250.185.100 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra16s49-in-f4.1e100.net

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 184.30.208.159 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-208-159.deploy.static.akamaitechnologies.com

appleid.cdn-apple.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 184.24.77.156 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a184-24-77-156.deploy.static.akamaitechnologies.com

sdk-api-v1.singular.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.0.176 (San Francisco, United States)

ASN54113 (FASTLY, US)

js.stripe.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:811::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.96.124.156 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

w.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

9 99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net

cdn.segment.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:223d:2000:6:5671:b9c0:93a1 (United States)

ASN16509 (AMAZON-02, US)

streaming.split.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)

monarchmoney.zendesk.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2600:9000:26e8:0:d:cf84:bb40:93a1 (United States)

ASN16509 (AMAZON-02, US)

events-api.monarchmoney.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:813::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.251.9 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra5.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 142.250.185.130 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s50-in-f2.1e100.net

www.googleadservices.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:33:1::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

bat.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.186.98 (United States) 2 redirects

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f2.1e100.net

googleads.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.250.181.227 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s56-in-f3.1e100.net

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 3.228.185.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-185-195.compute-1.amazonaws.com

api.sprig.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.186.224.24 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 24.224.186.35.bc.googleusercontent.com

pixels.spotify.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
45	monarchmoney.com app.monarchmoney.com — Cisco Umbrella Rank: 290135 features.monarchmoney.com — Cisco Umbrella Rank: 85321 api.monarchmoney.com — Cisco Umbrella Rank: 133732 status.monarchmoney.com — Cisco Umbrella Rank: 204046 events-cdn.monarchmoney.com — Cisco Umbrella Rank: 426671 events-api.monarchmoney.com — Cisco Umbrella Rank: 271249	3 MB
9	segment.com cdn.segment.com — Cisco Umbrella Rank: 3005	48 KB
6	clarity.ms www.clarity.ms — Cisco Umbrella Rank: 1114 w.clarity.ms — Cisco Umbrella Rank: 8686	29 KB
6	tiktok.com analytics.tiktok.com — Cisco Umbrella Rank: 963	138 KB
5	google.com 2 redirects accounts.google.com — Cisco Umbrella Rank: 46 www.google.com — Cisco Umbrella Rank: 10	87 KB
5	sentry.io sentry.io — Cisco Umbrella Rank: 196	553 B
4	zdassets.com static.zdassets.com — Cisco Umbrella Rank: 3854 ekr.zdassets.com — Cisco Umbrella Rank: 4356	288 KB
3	googleadservices.com www.googleadservices.com — Cisco Umbrella Rank: 176	24 KB
3	stripe.com js.stripe.com — Cisco Umbrella Rank: 2856	158 KB
3	spotify.com pixels.spotify.com — Cisco Umbrella Rank: 5057	371 B
2	sprig.com api.sprig.com — Cisco Umbrella Rank: 6000	1 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6716	128 B
2	doubleclick.net 2 redirects googleads.g.doubleclick.net — Cisco Umbrella Rank: 77	48 B
2	bing.com bat.bing.com — Cisco Umbrella Rank: 534	16 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 236	71 KB
2	google-analytics.com www.google-analytics.com — Cisco Umbrella Rank: 104	86 KB
2	singular.net sdk-api-v1.singular.net — Cisco Umbrella Rank: 4433	307 B
2	reddit.com pixel-config.reddit.com — Cisco Umbrella Rank: 3241 alb.reddit.com — Cisco Umbrella Rank: 1969	761 B
2	redditstatic.com www.redditstatic.com — Cisco Umbrella Rank: 1561	13 KB
1	zendesk.com monarchmoney.zendesk.com — Cisco Umbrella Rank: 395342	937 B
1	split.io streaming.split.io — Cisco Umbrella Rank: 5063
1	gstatic.com www.gstatic.com	214 KB
1	cdn-apple.com appleid.cdn-apple.com — Cisco Umbrella Rank: 5013	17 KB
1	twitter.com analytics.twitter.com — Cisco Umbrella Rank: 1356	724 B
1	t.co t.co — Cisco Umbrella Rank: 979	376 B
1	userleap.com cdn.userleap.com — Cisco Umbrella Rank: 120065	27 KB
1	ads-twitter.com static.ads-twitter.com — Cisco Umbrella Rank: 1253	15 KB
1	byspotify.com pixel.byspotify.com — Cisco Umbrella Rank: 12410	22 KB
1	plaid.com cdn.plaid.com — Cisco Umbrella Rank: 29210	45 KB
135	29

	Domain	Requested by
19	app.monarchmoney.com	app.monarchmoney.com
15	features.monarchmoney.com	app.monarchmoney.com
9	cdn.segment.com	app.monarchmoney.com events-cdn.monarchmoney.com
6	api.monarchmoney.com	app.monarchmoney.com
6	analytics.tiktok.com	app.monarchmoney.com analytics.tiktok.com
5	sentry.io	app.monarchmoney.com
4	www.google.com	2 redirects app.monarchmoney.com www.gstatic.com
3	www.googleadservices.com	cdn.segment.com www.googleadservices.com
3	w.clarity.ms	app.monarchmoney.com
3	static.zdassets.com	app.monarchmoney.com static.zdassets.com
3	js.stripe.com	app.monarchmoney.com js.stripe.com
3	pixels.spotify.com	pixel.byspotify.com app.monarchmoney.com
3	www.clarity.ms	app.monarchmoney.com www.clarity.ms bat.bing.com
2	api.sprig.com	app.monarchmoney.com
2	www.google.de	app.monarchmoney.com
2	googleads.g.doubleclick.net	2 redirects
2	bat.bing.com	cdn.segment.com bat.bing.com
2	connect.facebook.net	cdn.segment.com connect.facebook.net
2	www.google-analytics.com	cdn.segment.com www.google-analytics.com
2	events-api.monarchmoney.com	app.monarchmoney.com
2	sdk-api-v1.singular.net	app.monarchmoney.com
2	status.monarchmoney.com	app.monarchmoney.com
2	www.redditstatic.com	app.monarchmoney.com www.redditstatic.com
1	monarchmoney.zendesk.com	static.zdassets.com
1	streaming.split.io	app.monarchmoney.com
1	www.gstatic.com	www.google.com
1	ekr.zdassets.com	app.monarchmoney.com
1	appleid.cdn-apple.com	app.monarchmoney.com
1	accounts.google.com	app.monarchmoney.com
1	events-cdn.monarchmoney.com	app.monarchmoney.com
1	alb.reddit.com	app.monarchmoney.com
1	pixel-config.reddit.com	www.redditstatic.com
1	analytics.twitter.com	app.monarchmoney.com
1	t.co	app.monarchmoney.com
1	cdn.userleap.com	app.monarchmoney.com
1	static.ads-twitter.com	app.monarchmoney.com
1	pixel.byspotify.com	app.monarchmoney.com
1	cdn.plaid.com	app.monarchmoney.com
135	38

This site contains links to these domains. Also see Links.

Domain
policies.google.com

Subject Issuer	Validity	Valid
monarchmoney.com WE1	`2024-07-17` - `2024-10-15`	3 months	crt.sh
secure.plaid.com DigiCert EV RSA CA G2	`2024-03-12` - `2025-03-11`	a year	crt.sh
www.redditstatic.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-23` - `2024-11-18`	6 months	crt.sh
pixel.byspotify.com WR3	`2024-08-19` - `2024-11-17`	3 months	crt.sh
*.tiktok.com RapidSSL TLS ECC CA G1	`2024-07-15` - `2025-07-15`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2023-12-07` - `2024-12-07`	a year	crt.sh
ads-twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-06-25` - `2025-06-24`	a year	crt.sh
userleap.com Amazon RSA 2048 M02	`2024-08-09` - `2025-09-06`	a year	crt.sh
t.co DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-05-08` - `2025-05-07`	a year	crt.sh
*.twitter.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2023-10-31` - `2024-10-29`	a year	crt.sh
*.reddit.com DigiCert TLS RSA SHA256 2020 CA1	`2024-05-30` - `2024-11-26`	6 months	crt.sh
*.spotify.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-02-05` - `2025-02-04`	a year	crt.sh
sentry.io DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-07-03` - `2025-07-22`	a year	crt.sh
a.stripecdn.com DigiCert SHA2 Extended Validation Server CA	`2024-08-27` - `2024-12-05`	3 months	crt.sh
zdassets.com E5	`2024-08-27` - `2024-11-25`	3 months	crt.sh
accounts.google.com WR2	`2024-07-30` - `2024-10-22`	3 months	crt.sh
*.google.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
appleid.cdn-apple.com Apple Public EV Server RSA CA 2 - G1	`2024-06-06` - `2024-12-03`	6 months	crt.sh
*.singular.net DigiCert TLS RSA SHA256 2020 CA1	`2024-03-06` - `2025-03-06`	a year	crt.sh
*.gstatic.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
a.clarity.ms Microsoft Azure RSA TLS Issuing CA 08	`2024-06-23` - `2025-06-18`	a year	crt.sh
*.segment.com Amazon RSA 2048 M03	`2023-11-14` - `2024-12-13`	a year	crt.sh
streaming.split.io Amazon RSA 2048 M03	`2024-02-10` - `2025-03-09`	a year	crt.sh
monarchmoney.zendesk.com E5	`2024-08-22` - `2024-11-20`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-08` - `2024-09-06`	3 months	crt.sh
*.googleadservices.com WR2	`2024-08-05` - `2024-10-28`	3 months	crt.sh
www.bing.com Microsoft Azure RSA TLS Issuing CA 04	`2024-06-19` - `2024-12-16`	6 months	crt.sh
istio-gateway.sprig.com Amazon RSA 2048 M03	`2024-04-22` - `2025-05-21`	a year	crt.sh

This page contains 5 frames:

Primary Page: https://app.monarchmoney.com/
Frame ID: 8EB4691140832AA56C576C147B4CC38C
Requests: 108 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-f339690b2694a40d39bc98815dfdb7a8.html
Frame ID: E1D43C6D6FF773B5DD82DDDE2F185DAA
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-ef2720a.js
Frame ID: FD5AEEA53CED324052CBF9B6F5E67946
Requests: 3 HTTP requests in this frame

Frame: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy&co=aHR0cHM6Ly9hcHAubW9uYXJjaG1vbmV5LmNvbTo0NDM.&hl=de&v=WV-mUKO4xoWKy9M4ZzRyNrP_&size=invisible&cb=yjeqnt31w6ms
Frame ID: DEBB2930A0D9906B83987B2314BC09E5
Requests: 1 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: B142850ECE0F34E0A6B8D84F9A01110E
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Monarch | Sign In

Detected technologies

Apple Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

appleid\.auth\.js

Google Sign-in (Social logins) Expand

Overall confidence: 100%
Detected patterns

accounts\.google\.com/gsi/client

Stripe (Payment Processors) Expand

Overall confidence: 100%
Detected patterns

js\.stripe\.com

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Mautic (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

[^a-z]mtc.*\.js

Page Statistics

135
Requests

82 %
HTTPS

31 %
IPv6

29
Domains

38
Subdomains

36
IPs

5
Countries

3958 kB
Transfer

15150 kB
Size

16
Cookies

2 Outgoing links

These are links going to different origins than the main page.

URL: https://policies.google.com/privacy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://policies.google.com/terms
Title: Terms of Service

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 123

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIjO7goc2aiAMVbwN1AR2EHhnNMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS HTTP 302
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIjO7goc2aiAMVbwN1AR2EHhnNMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfy2DJpCZ_6VsUWrFFQtWvVYgMUwpeDQ&random=2765703293&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIjO7goc2aiAMVbwN1AR2EHhnNMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfy2DJpCZ_6VsUWrFFQtWvVYgMUwpeDQ&random=2765703293&resp=GooglemKTybQhCsO&ipr=y

Request Chain 124

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIqfPgoc2aiAMVE5P9Bx0SfAZBMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS HTTP 302
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIqfPgoc2aiAMVE5P9Bx0SfAZBMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfeb1LONyF8Msh9QdLfSNnQhQZhOMlWQ&random=1158581619&resp=GooglemKTybQhCsO HTTP 302
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIqfPgoc2aiAMVE5P9Bx0SfAZBMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfeb1LONyF8Msh9QdLfSNnQhQZhOMlWQ&random=1158581619&resp=GooglemKTybQhCsO&ipr=y

135 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request / Show response
app.monarchmoney.com/ 5 KB
9 KB 477ms
355ms Document
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

56c6349fa44368bc7ae0004dd8720a17facc23c4862b0bc9c63da022886130b2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

cache-control: public, max-age=0
cf-cache-status: DYNAMIC
cf-ray: 8baddbc07b5f9202-FRA
content-encoding: br
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
content-type: text/html; charset=UTF-8
date: Thu, 29 Aug 2024 16:18:41 GMT
expect-ct: max-age=0
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy: no-referrer
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724948321&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=fJJQiZNFekmjRvRfrWwciM4Akl8pLv0AHbdoI5MkL3g%3D"}]}
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724948321&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=fJJQiZNFekmjRvRfrWwciM4Akl8pLv0AHbdoI5MkL3g%3D
server: cloudflare
strict-transport-security: max-age=15552000; includeSubDomains
via: 1.1 vegur
x-content-type-options: nosniff
x-dns-prefetch-control: off
x-download-options: noopen
x-frame-options: SAMEORIGIN
x-permitted-cross-domain-policies: none
x-xss-protection: 0

GET
H2 200 analytics.js Show response
app.monarchmoney.com/ 2 KB
6 KB 361ms
357ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/analytics.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"608-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd2c9202-FRA

GET
H2 200 reddit.js Show response
app.monarchmoney.com/ 465 B
6 KB 363ms
358ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/reddit.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"1d1-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd2d9202-FRA

GET
H2 200 spotify.js Show response
app.monarchmoney.com/ 560 B
7 KB 340ms
336ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/spotify.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"230-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd309202-FRA

GET
H2 200 tiktok.js Show response
app.monarchmoney.com/ 1 KB
6 KB 356ms
352ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/tiktok.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"543-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd319202-FRA

GET
H2 200 clarity.js Show response
app.monarchmoney.com/ 341 B
6 KB 352ms
349ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/clarity.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"155-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd329202-FRA

GET
H2 200 twitter.js Show response
app.monarchmoney.com/ 444 B
6 KB 354ms
350ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/twitter.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

4668b42c8c5e63f3aa1987896ce3aedc2c13a44c1fc6eb2d115ffca2cfc3a611

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"1bc-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd339202-FRA

GET
H2 200 userleap.js Show response
app.monarchmoney.com/ 475 B
6 KB 355ms
351ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/userleap.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"1db-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc2dd349202-FRA

GET
H2 200 link-initialize.js Show response
cdn.plaid.com/link/v2/stable/ 157 KB
45 KB 320ms
110ms Script
text/javascript 54.240.174.7
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 54.240.174.7 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-54-240-174-7.osl50.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 139a08fdf4870239ba6acfc2f470d1359d5c445f2590bdd7edbc01ed619a30bb

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: bQiqs.c6tU3uBcdJXU75cxBzUnk4SlT8
content-encoding: br
via: 1.1 d9fb4c3794a085bb4ee2c5798c2cb1b8.cloudfront.net (CloudFront)
date: Thu, 29 Aug 2024 16:05:45 GMT
x-amz-request-id: REAND0K2JYPEGMX4
x-amz-cf-pop: OSL50-P1
x-amz-server-side-encryption: AES256
age: 806
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
x-amz-id-2: 4PH9x+VU3WWj5gLCoHUei5e3Q6AdcQYEB8ZXc+K/K8b5LRqVYp0XwUE9doUIMnz5pGcOVRRH9KgyFnHOLj00cg==
last-modified: Wed, 28 Aug 2024 21:47:02 GMT
server: AmazonS3
etag: W/"f481d6a0a61e683067dfbbb8289e3460"
vary: Accept-Encoding
content-type: text/javascript
cache-control: no-cache,must-revalidate,max-age=0
x-amz-cf-id: fgcrwqzyfeghfWUfQu-tkCI_2C2v3IOzvxM8FIgnMwvmdLYGk8DAPA==

GET
H2 200 311.143af247.js Show response
app.monarchmoney.com/static/js/ 6 MB
1 MB 325ms
325ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/js/311.143af247.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

fc35cd5bd029f3f240e8f60c9ae2fce029d982fb1571564f8e0cf88e8391aaf0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"62311a-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc52eea9202-FRA

GET
H2 200 main.99091176.js Show response
app.monarchmoney.com/static/js/ 4 MB
840 KB 335ms
334ms Script
application/javascript 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/js/main.99091176.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

dc5db59957dd924a403e123301ac4fc24206c289c5cc36e4ef0570b828993afc

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"418764-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922898&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=bIwsFyZj4CstyAB%2BW%2FI7idxQJ2yYFky7PWFiP54dJp0%3D"}]}
content-type: application/javascript; charset=UTF-8
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbc52ef39202-FRA

GET
H2 200 pixel.js Show response
www.redditstatic.com/ads/ 42 KB
13 KB 180ms
50ms Script
application/javascript 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/pixel.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/reddit.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish
last-modified: Thu, 20 Jun 2024 19:23:03 GMT
server: snooserv
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag: "71b328aff914ada8b774bfa8fff542c4"
x-amz-server-side-encryption: AES256
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/javascript
cache-control: public, max-age=60
accept-ranges: bytes
content-length: 12116

GET
H2 200 ping.min.js Show response
pixel.byspotify.com/ 22 KB
22 KB 166ms
43ms Script
text/javascript 34.117.162.98
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel.byspotify.com/ping.min.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/spotify.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 34.117.162.98 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 98.162.117.34.bc.googleusercontent.com
Software: UploadServer /
Resource Hash: 42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:11 GMT
via: 1.1 google
age: 31
x-guploader-uploadid: AHxI1nM94uNfumnMXgQgUenEPXSTH0SERzocBQebfh5AIs2usdh9p4FypfIOcm0wrYSx1FQKII2QNfkNqA
x-goog-storage-class: STANDARD
x-goog-metageneration: 1
x-goog-stored-content-encoding: identity
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 22096
last-modified: Tue, 25 Jun 2024 13:55:33 GMT
server: UploadServer
etag: "4eddeec95afda969b3d1b2fb970c1eb1"
x-goog-generation: 1719323733334567
x-goog-hash: crc32c=NZyeaA==, md5=Tt3uyVr9qWmz0bL7lwwesQ==
content-type: text/javascript
cache-control: public, max-age=3600
x-goog-stored-content-length: 22096
accept-ranges: bytes
expires: Thu, 29 Aug 2024 17:18:11 GMT

GET
H2 200 events.js Show response
analytics.tiktok.com/i18n/pixel/ 6 KB
3 KB 256ms
138ms Script
application/javascript 2.18.64.21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/tiktok.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.64.21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-64-21.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: c1d374f707bf5793c0d53ac07a27196e00a7e7135b77f2d09374dea4a0e5e151

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 6c0d0b44
date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240829161842476D5FFE1C307C526607-0B995BF286060554-00
x-cache: TCP_MISS from a2-20-179-85.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
server-timing: inner; dur=3, cdn-cache; desc=MISS, edge; dur=1, origin; dur=96
content-length: 2096
pragma: no-cache
server: nginx
x-tt-logid: 20240829161842476D5FFE1C307C526607
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 96,2.20.179.85
x-tt-trace-host: 01bebdcd0d5642d80e2bac0bb2240c851fa4885f5a154fddb71dd239358787c37338cdb45ff67efa11f6121bcac9e978bc6f58a437e2e1cf88adc8059c9c6164bde30c043d645f235ca1873e13818a9f4b98a4903887f2cd54a32b91f0e19f4a50
expires: Thu, 29 Aug 2024 16:18:42 GMT

GET
H2 200 hjy3lwdr3i Show response
www.clarity.ms/tag/ 587 B
842 B 423ms
215ms Script
application/x-javascript 2620:1ec:29:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/hjy3lwdr3i
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/clarity.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 8e23efa39c7e171af16351e3aa1191eabed7d449dce72eb3a318ca9a0bc487be

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:2f7711a9-b21e-4abe-a9d6-5b0ce5d18b64
date: Thu, 29 Aug 2024 16:18:42 GMT
x-azure-ref: 20240829T161842Z-15db8b67977nvb42gef6240rdn000000074g00000000573s
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 587
expires: -1

GET
H2 200 uwt.js Show response
static.ads-twitter.com/ 56 KB
15 KB 131ms
39ms Script
application/javascript 146.75.120.157
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://static.ads-twitter.com/uwt.js
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/twitter.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: 4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
last-modified: Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption: AES256
etag: "bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary: Accept-Encoding,Host
x-cache: HIT, HIT
content-type: application/javascript; charset=utf-8
p3p: CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn: FT
cache-control: no-cache
accept-ranges: bytes
content-length: 15412
x-served-by: cache-iad-kiad7000168-IAD, cache-fra-etou8220100-FRA

GET
H2 200 shim.js Show response
cdn.userleap.com/ 82 KB
27 KB 170ms
49ms Script
application/javascript 52.222.214.43
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.userleap.com/shim.js?id=jhOvgs1si6
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/userleap.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 52.222.214.43 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-52-222-214-43.fra56.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: a6a10759097db886e581ff34a0b28693b7cbfa96a750b09cc9428fbfeedd890c

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: enqC92bU54sTqUUdz1ExZXvyXevd1_JJ
content-encoding: gzip
via: 1.1 d79861a030d3421826a919f9c2b00146.cloudfront.net (CloudFront)
date: Thu, 29 Aug 2024 04:06:16 GMT
last-modified: Mon, 19 Aug 2024 20:43:27 GMT
server: AmazonS3
x-amz-cf-pop: FRA56-P3
age: 44178
x-amz-server-side-encryption: AES256
etag: W/"84a5259a7a3a0e6f0e8a6d82220be6de"
vary: Accept-Encoding
x-cache: Hit from cloudfront
content-type: application/javascript
x-amz-cf-id: PDELezD1CUgrGelSyUZyXIYwEfHt9GmZ2KDpr1fEcBC_vMYyILyclg==

GET
H2 200 adsct
t.co/1/i/ 43 B
376 B 341ms
159ms Image
image/gif 93.184.221.165
EDGECAST

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=ca5ebd5b-e9d5-4fb9-8529-0f6378eb557c&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=04637616-f4fa-4b5a-9f87-328d4cb03660&tw_document_href=https%3A%2F%2Fapp.monarchmoney.com%2F&tw_iframe_status=0&txn_id=ocmu9&type=javascript&version=2.3.30

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

93.184.221.165 London, United Kingdom, ASN15133 (EDGECAST, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 103
date: Thu, 29 Aug 2024 16:18:41 GMT
strict-transport-security: max-age=0
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: 67d5e1894ad0f56a
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: df8be4cfe7a4eb97d377116dcd194431bfd24040ebf1a901a7f39c4beed11887
content-length: 43

GET
H2 200 adsct
analytics.twitter.com/1/i/ 43 B
724 B 241ms
153ms Image
image/gif 104.244.42.3
TWITTER

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=ca5ebd5b-e9d5-4fb9-8529-0f6378eb557c&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=04637616-f4fa-4b5a-9f87-328d4cb03660&tw_document_href=https%3A%2F%2Fapp.monarchmoney.com%2F&tw_iframe_status=0&txn_id=ocmu9&type=javascript&version=2.3.30

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.244.42.3 , United States, ASN13414 (TWITTER, US),

Reverse DNS

Software

tsa_o /

Resource Hash

ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957

Security Headers

Name	Value
Strict-Transport-Security	max-age=631138519

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-response-time: 112
date: Thu, 29 Aug 2024 16:18:41 GMT
strict-transport-security: max-age=631138519
server: tsa_o
content-type: image/gif;charset=utf-8
x-transaction-id: c66372cf60ec3d7e
cache-control: no-cache, no-store, max-age=0
perf: 7402827104
x-connection-hash: c5fb802851242dcc250e327a679f90ed9eedc81a9a08d6524b41a7ad1ded1c04
content-length: 43

GET
H2 200 config Show response
pixel-config.reddit.com/pixels/t2_5u6sm01h/ 3 B
124 B 171ms
50ms XHR
application/json 151.101.1.140
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://pixel-config.reddit.com/pixels/t2_5u6sm01h/config
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.1.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: /
Resource Hash: ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
via: 1.1 varnish
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=14400
accept-ranges: bytes
content-length: 27

GET
H2 200 t2_5u6sm01h_telemetry Show response
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 86 B
699 B 161ms
61ms XHR
application/json 2a04:4e42:400::396
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL: https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_5u6sm01h_telemetry
Requested by: Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: snooserv /
Resource Hash: 45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server: snooserv
vary: Accept-Encoding,Origin
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=300
accept-ranges: bytes
content-length: 97

GET
H2 200 rp.gif
alb.reddit.com/ 42 B
637 B 194ms
65ms Image
image/gif 151.101.65.140
FASTLY

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://alb.reddit.com/rp.gif?ts=1724948322309&id=t2_5u6sm01h&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=fc6b3cb3-5c8f-4f83-a38e-9996a69ae265&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=1600&sw=1200&v=rdt_e9773deb&dpm=&dpcc=&dprc=
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 151.101.65.140 San Francisco, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software: Varnish /
Resource Hash: ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
via: 1.1 varnish
nel: {"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server: Varnish
report-to: {"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type: image/gif
cross-origin-resource-policy: cross-origin
accept-ranges: bytes
content-length: 42
retry-after: 0

OPTIONS
H2 200 ingest
pixels.spotify.com/v1/ Frame 0
0 168ms
50ms Preflight 2600:1901:1:7c5::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL: https://pixels.spotify.com/v1/ingest
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:1901:1:7c5:: , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
Software: envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type
access-control-allow-origin: https://app.monarchmoney.com
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
date: Thu, 29 Aug 2024 16:18:42 GMT
server: envoy
vary: Accept-Encoding
via: HTTP/2 edgeproxy, 1.1 google

POST
H2 200 ingest Show response
pixels.spotify.com/v1/ 52 B
271 B 63ms
56ms Fetch
application/json 2600:1901:1:7c5::
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.spotify.com/v1/ingest

Requested by

Host: pixel.byspotify.com
URL: https://pixel.byspotify.com/ping.min.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:1901:1:7c5:: , United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

Software

envoy /

Resource Hash

af626b854a946518a3a3c508ee9824e78ae985c5cda705c1d2a3fdaafe2254c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
grpc-status: 0
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
grpc-encoding: identity
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
x-envoy-upstream-service-time: 1
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
grpc-accept-encoding: gzip,x-snappy-framed

GET
H2 200 main.MTcyODg5NjdlMQ.js Show response
analytics.tiktok.com/i18n/pixel/static/ 331 KB
93 KB 44ms
43ms Script
application/javascript 2.18.64.21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyODg5NjdlMQ.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.64.21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-64-21.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 54ae42560c522ac01e50987d61ab619b919f6bc82f37879d750bafb4640c7de2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 6c0d1128
date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 20240827123059AA8177EE31D9E34F0B45
x-tt-trace-id: 00-240827123059AA8177EE31D9E34F0B45-5542D1B57AB2EB12-00
vary: Accept-Encoding
x-cache: TCP_HIT from a2-20-179-85.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 014c9dfe83f7661d59bb622a04439120bb62464cf6fc5680ecda5019ff11fbf8a2c385eb2d59519cb5f256e3a3687918259f60c65f879210852a4b5dfc31530ee7b9ace3af00036ffc7cd6595b885d472f5cd8852803bdf2b63c32d4cd2a0424c0
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=17
content-length: 94809

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.45/ 64 KB
27 KB 361ms
351ms Script
application/javascript 2620:1ec:29:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.45/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hjy3lwdr3i
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: br
last-modified: Wed, 28 Aug 2024 19:57:49 GMT
etag: W/"0x8DCC79BB1C5F66A"
vary: Accept-Encoding
x-azure-ref: 20240829T161842Z-15db8b67977nvb42gef6240rdn000000074g000000005740
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: 57930ad2-001e-0069-311f-fa1797000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H2 200 identify_c2008b8c.js Show response
analytics.tiktok.com/i18n/pixel/static/ 146 KB
39 KB 52ms
50ms Script
application/javascript 2.18.64.21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/i18n/pixel/static/identify_c2008b8c.js
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyODg5NjdlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.64.21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-64-21.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: 50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-akamai-request-id: 6c0d1a3f
date: Thu, 29 Aug 2024 16:18:42 GMT
content-encoding: gzip
x-tt-trace-tag: id=16;cdn-cache=hit;type=static
server: nginx
x-tt-logid: 202407291241428A0637CBFAAEB41DCF01
x-tt-trace-id: 00-2407291241428A0637CBFAAEB41DCF01-5E518F47C6012312-00
vary: Accept-Encoding
x-cache: TCP_MEM_HIT from a2-20-179-85.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
content-type: application/javascript; charset=UTF-8
cache-control: public, max-age=31536000, immutable
x-tt-trace-host: 01e33994960eedba4d9d64bb2cce523cc44cf9a1ceb6067a86a86c193f5f828f28bdf557cde35992181eb3e1ed8857856db1b699a90312147d7379f71cee1d04dd01e66feac1f106f50fe3bcde315804ca4d23cf41cda1e80b4cdebaad1c4e97a7
server-timing: cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
content-length: 39594

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
841 B 165ms
163ms Ping
text/plain 2.18.64.21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyODg5NjdlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.64.21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-64-21.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 324a74a5.6c0d1b66
date: Thu, 29 Aug 2024 16:18:42 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-2408291618424EBEAA65E40354532EAA-2DBF395229760290-00
x-cache: TCP_MISS from a2-20-179-85.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
x-parent-response-time: 114,2.20.179.85
server-timing: cdn-cache; desc=MISS, edge; dur=95, origin; dur=26, inner; dur=23
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 202408291618424EBEAA65E40354532EAA
x-cache-remote: TCP_MISS from a23-218-223-84.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 26,23.218.223.84
x-tt-trace-host: 01bebdcd0d5642d80e2bac0bb2240c851f82a2b8a12a83987a47911b88dc13a1b0ce13e1fde0ae7014b2eb5e6abd1cec357b729ca9ce3447d173c90313047996cb46f47a31ade6a3fb1fe7621bd139bfecb76f3d5bf5523cad184678564a2801fe73c5645a25b49cce111f727a74de17ba
access-control-allow-headers: Authorization,*
expires: Thu, 29 Aug 2024 16:18:42 GMT

OPTIONS
H2 200 UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ Frame 0
0 273ms
168ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8baddbd198f2d2ea-FRA
content-length: 37
date: Thu, 29 Aug 2024 16:18:44 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 ef04b5bd9d63162000acde84eaab4f9a.cloudfront.net (CloudFront)
x-amz-cf-id: Rf_m0fVBDBsuV5UQZD5ZMyXM-lZP9qcESQ13rmxtw70UKzpUl2UNmg==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams21036-AMS
x-timer: S1724948324.170610,VS0,VE0

OPTIONS
H2 200 7a5cf301-8d96-4456-89fb-9a2639bff4bc
features.monarchmoney.com/sdk/api/mySegments/ Frame 0
0 189ms
92ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/7a5cf301-8d96-4456-89fb-9a2639bff4bc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8baddbd198f0d2ea-FRA
content-length: 37
date: Thu, 29 Aug 2024 16:18:44 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 ec87b0eaae98600539e64627bd582e82.cloudfront.net (CloudFront)
x-amz-cf-id: 0OfYNGWPPtzP0lJF5ABux1m7id1ir9WmNi-O79y5aQRW4i82XffoJg==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams2100146-AMS
x-timer: S1724948324.142134,VS0,VE0

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 590ms
571ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8baddbd24adbd2ea-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
http_x_request_id: 6b61e0908d3e4fc7b2ac1356bc4f18de
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 527ms
509ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8baddbd24aded2ea-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
http_x_request_id: 071a6d1ca99447768bdf0a9b670c56c2
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 529ms
512ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8baddbd24adad2ea-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
http_x_request_id: fc5b3cd44c3247f2848ac44332b0dc92
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 505ms
489ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8baddbd24ad6d2ea-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
http_x_request_id: d7a6415fb0d84868be5d582cb1f178cc
server: cloudflare
vary: Origin

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 466ms
460ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8baddbd33e64d2ea-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
http_x_request_id: 1ff97ac64b6b495482390dc12b1b5358
server: cloudflare
vary: Origin

OPTIONS graphql
api.monarchmoney.com/ Frame 0
0

OPTIONS
H2 200 graphql
api.monarchmoney.com/ Frame 0
0 484ms
472ms Preflight
text/html 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://api.monarchmoney.com/graphql
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,client-platform,content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: accept, accept-encoding, authorization, content-type, dnt, origin, user-agent, x-csrftoken, x-requested-with, client-platform, act-as-user
access-control-allow-methods: DELETE, GET, OPTIONS, PATCH, POST, PUT
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 86400
cf-cache-status: DYNAMIC
cf-ray: 8baddbd33e8fd2ea-FRA
content-encoding: br
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
http_x_request_id: cabe6d6aacb74d93b1ddecf9636e5dc6
server: cloudflare
vary: Origin

OPTIONS graphql
api.monarchmoney.com/ Frame 0
0

OPTIONS
H2 200 splitChanges
features.monarchmoney.com/sdk/api/ Frame 0
0 136ms
117ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=-1

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8baddbd3c86ed2ea-FRA
content-length: 37
date: Thu, 29 Aug 2024 16:18:44 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 ef04b5bd9d63162000acde84eaab4f9a.cloudfront.net (CloudFront)
x-amz-cf-id: 63KHvzV0Zcsbq-EEIcIrXcGMKXb-5hrUTtYwDJpQgd0fH2U3zp-MOA==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams21073-AMS
x-timer: S1724948324.459293,VS0,VE0

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
325 B 267ms
155ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin, access-control-request-method, access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 v3 Show response
js.stripe.com/ 649 KB
158 KB 176ms
57ms Script
text/javascript 13.32.121.112
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

13.32.121.112 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

server-13-32-121-112.fra60.r.cloudfront.net

Software

Cloudfront /

Resource Hash

0fbc5275b0cd92710596a74b8a192fc0d38b039ba616ada871fa761e8aa53542

Security Headers

Name	Value
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-encoding: br
via: 1.1 5fa65194b963365c20fbd28444032cfc.cloudfront.net (CloudFront)
strict-transport-security: max-age=31556926; includeSubDomains; preload
x-content-type-options: nosniff
age: 16
x-amz-cf-pop: FRA60-P1
x-cache: Hit from cloudfront
alt-svc: h3=":443"; ma=86400
last-modified: Wed, 28 Aug 2024 20:42:27 GMT
server: Cloudfront
etag: W/"f9470386cf79c99095707c334a465476"
vary: Accept-Encoding
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: max-age=60
timing-allow-origin: *
x-amz-cf-id: OEBG6EVYcfXfRmyvH3Gk0HTyMgccNjDLKRYcsizQ3xbZxaOHI31fng==

GET
H2 200 UNKNOWN Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
533 B 91ms
91ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 ec87b0eaae98600539e64627bd582e82.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
age: 256778
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230141-FRA
server: cloudflare
x-timer: S1724948324.291401,VS0,VE0
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kiad7000133-IAD-e4bdf414-3421-4c47-a340-e922355297b0; cache-fra-etou8220054-FRA-c2df6480-a5ed-49f8-8aa2-133c5f78507b
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbd2acc5d2ea-FRA
x-amz-cf-id: BzQt31u8xVWU5e4phASg5HI6uv2qe_w0MRBW6vYjJa1CdG-6IhBvpA==
x-cache-hits: 63, 2

GET
H2 200 7a5cf301-8d96-4456-89fb-9a2639bff4bc Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
387 B 227ms
226ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/7a5cf301-8d96-4456-89fb-9a2639bff4bc

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
age: 0
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kjyo7100106-IAD, cache-fra-eddf8230021-FRA
server: cloudflare
x-timer: S1724948324.250495,VS0,VE97
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100106-IAD-8a91c343-8cd4-4851-9d7f-f1ec47203c8b; cache-fra-eddf8230021-FRA-43b9f89c-39c9-4ecc-b5f1-06f208dbde93
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbd23abed2ea-FRA
x-amz-cf-id: 3SDdy_skSHRqvU323AqMbRpMujHs6-5PX4JZrodPgWOKZEwTK1LIOw==
x-cache-hits: 0, 0

GET
DATA 200
OK truncated
/ 1 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 Graphik-Medium.8206f65f..woff2
app.monarchmoney.com/static/media/ 35 KB
41 KB 341ms
339ms Font
font/woff2 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/Graphik-Medium.8206f65f..woff2

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-length: 35489
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724903224&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CJLfmJ2f8BAs9RGiVMPMrsJtYfUa5HuCSznNd6HnS58%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"8aa1-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724903224&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=CJLfmJ2f8BAs9RGiVMPMrsJtYfUa5HuCSznNd6HnS58%3D"}]}
content-type: font/woff2
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8baddbd3ca7c9202-FRA

GET
H2 200 Graphik-Regular.7019447d..woff2
app.monarchmoney.com/static/media/ 36 KB
42 KB 534ms
532ms Font
font/woff2 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/Graphik-Regular.7019447d..woff2

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: EXPIRED
via: 1.1 vegur
x-dns-prefetch-control: off
content-length: 36525
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"8ead-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D"}]}
content-type: font/woff2
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8baddbd3ca7f9202-FRA

GET
H2 200 MonarchIcons.63080729..ttf
app.monarchmoney.com/static/media/ 25 KB
20 KB 398ms
396ms Font
font/ttf 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/MonarchIcons.63080729..ttf

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2F

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f3042155b43d9eafd3553035c29c863f3ced375e30003da6ba9dd274dba9e3a7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724903227&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mLT46yk%2FekPORqJLfrmmyBMMBG8hy%2BJ0IhmMx35Y88s%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"65b0-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724903227&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mLT46yk%2FekPORqJLfrmmyBMMBG8hy%2BJ0IhmMx35Y88s%3D"}]}
content-type: font/ttf
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbd40abf9202-FRA

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 182ms
181ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin, access-control-request-method, access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 178ms
176ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin, access-control-request-method, access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 summary.json Show response
status.monarchmoney.com/ 87 B
399 B 169ms
147ms XHR
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://status.monarchmoney.com/summary.json

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

390ef43c0b5dbc582e5739b1d396f223472ab9975bd1213561bae3441a0b745d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
age: 27
referrer-policy: strict-origin-when-cross-origin
x-vercel-id: fra1::iad1::9pwjm-1724948324257-7cbc1cd7d200
server: cloudflare
x-matched-path: /api/summary.json
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: iad1
content-type: application/json
access-control-allow-origin: *
cache-control: public
cf-ray: 8baddbd24ae2d2ea-FRA

GET
H2 200 snippet.js Show response
static.zdassets.com/ekr/ 10 KB
5 KB 236ms
92ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.99091176.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
x-amz-version-id: qclSddpGUX2.KT0tZACrS6v9bSx237T.
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: JKN1Q3J8ZTSJ5QCC
age: 35
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: mffWrceLKlBhNibh9xibEteyYzkmlyQFIFfoHQmboQCwTVcm8Bo4MCr+iqWuL8CrS195Nm/b2iA=
last-modified: Thu, 08 Aug 2024 15:49:45 GMT
server: cloudflare
etag: W/"67cbb97bf64ecd65d74b0de6ede92abf"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=2n2eUKruTWT5N6QEvKHhHjAOGNmpYHzaamKrjEEYBlI30iBv3A98GNqvfwFSnvqi9WnQwRprz1QmUAxBWZMk2KZ4AexwGJDhpDeAO85YwsHNUCJFF4VSIAi4%2BXaFI1DJPMgbJfk%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=3600, s-maxage=60
access-control-max-age: 0
cf-ray: 8baddbd308f262c4-HAM
access-control-allow-headers: *

POST graphql
api.monarchmoney.com/ 0
0

GET
H2 200 summary.json Show response
status.monarchmoney.com/ 87 B
196 B 262ms
95ms XHR
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://status.monarchmoney.com/summary.json

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

390ef43c0b5dbc582e5739b1d396f223472ab9975bd1213561bae3441a0b745d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Accept: application/json, text/plain, */*
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: DYNAMIC
content-encoding: br
age: 27
referrer-policy: strict-origin-when-cross-origin
x-vercel-id: fra1::iad1::jg7mg-1724948324366-2892ca82d04b
server: cloudflare
x-matched-path: /api/summary.json
x-vercel-cache: HIT
vary: RSC, Next-Router-State-Tree, Next-Router-Prefetch
x-vercel-execution-region: iad1
content-type: application/json
access-control-allow-origin: *
cache-control: public
cf-ray: 8baddbd33e63d2ea-FRA

GET
H2 200 events-script Show response
events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 103 KB
28 KB 812ms
676ms Script
text/javascript 2600:9000:223d:1000:9:a6e8:8080:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/analytics.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:1000:9:a6e8:8080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: cbf5816bdc700b18c3be9c798106262658ca8e966b5b82b22c94dda91da35d2e

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: 8YiAlGSVaxZ6Fio1n8qwvsVxjnrg64g4
content-encoding: br
via: 1.1 7fcb41b117930690c299be9cec4a977a.cloudfront.net (CloudFront), 1.1 77ba839b79ec0a8b2031c8a828e7fdfa.cloudfront.net (CloudFront)
date: Thu, 29 Aug 2024 16:18:45 GMT
x-amz-cf-pop: FRA6-C1, FRA56-P3
x-amz-server-side-encryption: AES256
x-cache: Miss from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 29 Jul 2024 18:45:55 GMT
server: AmazonS3
etag: W/"54dbe7a5d4e3983c5c5c29f30845c4d3"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: text/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=120
vary: Accept-Encoding
x-amz-cf-id: K_rh4imrskFUDC7sd1yTE3DYjD4uAhe6itksfbHkLLOE-pEXk3RCWw==

GET
H2 200 client Show response
accounts.google.com/gsi/ 227 KB
86 KB 216ms
92ms Script
application/javascript 2a00:1450:400c:c07::54
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://accounts.google.com/gsi/client

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c07::54 Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

ca10079b550df42a492d554a8e9b81be8062043d1b90450c4f068d83a436c238

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-PvksPdilF_hSNat1URc5ow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: script-src 'report-sample' 'nonce-PvksPdilF_hSNat1URc5ow' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type: application/javascript; charset=utf-8
cache-control: private, max-age=1800
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires: Thu, 29 Aug 2024 16:18:44 GMT

GET
H3 200 enterprise.js Show response
www.google.com/recaptcha/ 2 KB
1 KB 216ms
100ms Script
text/javascript 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise.js?render=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

ESF /

Resource Hash

d593a06165e70bcd91c1862c4bb14341e348b1d82192e67cd882ea3b8e64a3c5

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-encoding: gzip
x-content-type-options: nosniff
server: ESF
x-frame-options: SAMEORIGIN
report-to: {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
content-type: text/javascript; charset=utf-8
cache-control: private, max-age=300
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
expires: Thu, 29 Aug 2024 16:18:44 GMT

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 163ms
158ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin, access-control-request-method, access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

POST
H2 200 / Show response
sentry.io/api/4279731/envelope/ 2 B
57 B 164ms
160ms Fetch
application/json 35.186.247.156
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

156.247.186.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://app.monarchmoney.com/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
via: 1.1 google
server: nginx
vary: origin, access-control-request-method, access-control-request-headers
content-type: application/json
access-control-allow-origin: *
access-control-expose-headers: x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time: 0
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2

GET
H2 200 Graphik-Semibold.ea1b5de4..woff2
app.monarchmoney.com/static/media/ 40 KB
46 KB 550ms
549ms Font
font/woff2 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/static/media/Graphik-Semibold.ea1b5de4..woff2

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

244d56ceae3f2752b26cbe829087d576d715275e60fe3efb58083652272255c0

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://app.monarchmoney.com/login?route=%2F
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: EXPIRED
via: 1.1 vegur
x-dns-prefetch-control: off
content-length: 40841
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"9f89-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D"}]}
content-type: font/woff2
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
accept-ranges: bytes
cf-ray: 8baddbd40ac19202-FRA

POST graphql
api.monarchmoney.com/ 0
0

GET
H/1.1 200
OK appleid.auth.js Show response
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 42 KB
17 KB 268ms
51ms Script
application/javascript 184.30.208.159
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.99091176.js

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.30.208.159 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-30-208-159.deploy.static.akamaitechnologies.com

Software

Apple /

Resource Hash

8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Content-Encoding: gzip
Date: Thu, 29 Aug 2024 16:18:44 GMT
Last-Modified: Thu, 22 Aug 2024 18:15:35 GMT
Server: Apple
ETag: W/"43171-1724350535543"
Vary: accept-encoding
Content-Type: application/javascript;charset=UTF-8
Access-Control-Allow-Origin: *
Cache-Control: public, max-age=86400,stale-while-revalidate=86400
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 17356

GET
H2 200 splitChanges Show response
features.monarchmoney.com/sdk/api/ 245 KB
13 KB 85ms
85ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=-1

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

9af7e7fb49c82eff0679f176c44bf623fa97b459ef259019652b010dcb79baeb

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 ec87b0eaae98600539e64627bd582e82.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
age: 57655
x-cache: Miss from cloudfront
content-length: 13360
x-served-by: cache-iad-kiad7000046-IAD, cache-fra-eddf8230076-FRA
last-modified: Thu, 29 Aug 2024 00:17:48 GMT
server: cloudflare
x-timer: S1724948325.591047,VS0,VE1
etag: "1724890668832"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kiad7000095-IAD-5c898ee1-433f-474a-b835-3a259c4c67b7; cache-fra-etou8220145-FRA-7cf0d396-4229-4650-869b-c88a9f7b31fd
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbd48aded2ea-FRA
x-amz-cf-id: Y9ITCY3qUnoszgXygAxzjc-zgeXaIpMIvRwtc0AlBehUlyYbm2_3ZQ==
x-cache-hits: 145, 1

GET
H2 200 butterfly-logo.svg
app.monarchmoney.com/ 859 B
7 KB 360ms
342ms Image
image/svg+xml 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/butterfly-logo.svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922900&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=LV0wAdIAbhFk8h2zbbDQWz0LSYlp%2FbJwkiPDeXkzlYk%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"35b-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922900&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=LV0wAdIAbhFk8h2zbbDQWz0LSYlp%2FbJwkiPDeXkzlYk%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbd3ca739202-FRA

GET
H2 200 logo-color.svg
app.monarchmoney.com/ 4 KB
8 KB 435ms
417ms Image
image/svg+xml 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/logo-color.svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: MISS
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"111d-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbd3ca759202-FRA

GET
H2 200 apple-logo.631edd89..svg
app.monarchmoney.com/static/media/ 704 B
6 KB 373ms
355ms Image
image/svg+xml 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/static/media/apple-logo.631edd89..svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: EXPIRED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"2c0-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbd3ca799202-FRA

GET
H2 200 google-logo.e675ec58..svg
app.monarchmoney.com/static/media/ 1 KB
7 KB 353ms
335ms Image
image/svg+xml 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://app.monarchmoney.com/static/media/google-logo.e675ec58..svg

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: EXPIRED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:08:05 GMT
server: cloudflare
etag: W/"45d-1919b75f688"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724948324&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=sZBCYs%2F%2FAFSfR3daKGKlm9nzcmtAqj9QqTJHhi4yH3Y%3D"}]}
content-type: image/svg+xml
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbd3ca7b9202-FRA

GET
H2 200 auth Show response
features.monarchmoney.com/auth/api/ 714 B
689 B 357ms
356ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=7a5cf301-8d96-4456-89fb-9a2639bff4bc

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

be3a6250488e5307dc62720e5cdd689a5c20824cb9ec76259f2fbdcad86c4cb9

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15770000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
strict-transport-security: max-age=15770000; includeSubDomains
x-content-type-options: nosniff
content-security-policy: frame-ancestors 'self'
via: 1.1 ec87b0eaae98600539e64627bd582e82.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies: master-only
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
content-encoding: br
x-cache: Miss from cloudfront
server: cloudflare
x-frame-options: DENY
access-control-allow-methods: GET, OPTIONS
content-type: application/json; charset=utf-8
access-control-allow-origin: https://app.monarchmoney.com
access-control-allow-credentials: true
cf-ray: 8baddbd6bab6d2ea-FRA
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
x-amz-cf-id: 1M9jYqoOEztZHuzsrOU3T8Ri9ASMTnOfrP1gP9KPn3pBix0Gc9z15g==

POST
H2 200 pixel
analytics.tiktok.com/api/v2/ 0
846 B 175ms
174ms Ping
text/plain 2.18.64.21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyODg5NjdlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.64.21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-64-21.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: 61677d0.6c0d5048
date: Thu, 29 Aug 2024 16:18:44 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240829161844CBC8415F937092525F9B-04135B2A29DE8D27-00
x-cache: TCP_MISS from a2-20-179-85.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
x-parent-response-time: 117,2.20.179.85
server-timing: cdn-cache; desc=MISS, edge; dur=99, origin; dur=23, inner; dur=19
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240829161844CBC8415F937092525F9B
x-cache-remote: TCP_MISS from a104-112-235-166.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 23,104.112.235.166
x-tt-trace-host: 01bebdcd0d5642d80e2bac0bb2240c851fdab281fa46b5b2f3f30fe9095c0bf56ea13e2212118c4bad8bfd1102bb63155abe49518d0e04efb5d62ef214f770fe6c45f85f699170400f03a76dabd9d5775061241537290adb82fe8f4e5b118e876bfb2817a6a129415a7b3455d567682d65
access-control-allow-headers: Authorization,*
expires: Thu, 29 Aug 2024 16:18:44 GMT

OPTIONS
H2 200 auth
features.monarchmoney.com/auth/api/ Frame 0
0 319ms
318ms Preflight
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=7a5cf301-8d96-4456-89fb-9a2639bff4bc

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	frame-ancestors 'self'
Strict-Transport-Security	max-age=15770000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
access-control-allow-methods: GET, OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
cf-cache-status: DYNAMIC
cf-ray: 8baddbd4ab73d2ea-FRA
content-length: 4
content-security-policy: frame-ancestors 'self'
content-type: application/json; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
server: cloudflare
strict-transport-security: max-age=15770000; includeSubDomains
via: 1.1 ef04b5bd9d63162000acde84eaab4f9a.cloudfront.net (CloudFront)
x-amz-cf-id: To9Riigl92mcz5ybM5hs_O204WE4VIjP-oHaRkvFx-frfNtaTm26mQ==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-content-type-options: nosniff
x-frame-options: DENY
x-permitted-cross-domain-policies: master-only

POST
H2 200 event Show response
sdk-api-v1.singular.net/api/v1/ 51 B
307 B 208ms
207ms XHR
application/json 184.24.77.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1724948324&event_id=fc0f39fe-5965-47d1-b9cb-52e9ec3bcd64&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=1200&screen_width=1600&sdk=WebSDK-v1.2.8&singular_instance_id=5c8c0b56-564e-4f00-be3e-d0c1be0bdb6f&sdid=f0fd97b1-5e4f-4f1c-9181-9677296e876e&storage_type=local&timezone=GMT%2B0200&touchpoint_timestamp=1724948324&u=f0fd97b1-5e4f-4f1c-9181-9677296e876e&n=__PAGE_VISIT__&is_revenue_event=false&s=81432896-7dc7-42ac-8d5e-518371ea77f6&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Linux&lag=1&h=016f560f6b7f70e71d8bc9a2557d8c3ebd32700d
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash: 453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:45 GMT
apsalar-extra: security hash failed
vary: Accept-Encoding
access-control-allow-methods: POST, GET, OPTIONS
content-type: application/json
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
access-control-allow-headers: Content-Type, Content-Length
content-length: 51
expires: Thu, 29 Aug 2024 16:18:45 GMT

OPTIONS
H2 200 event
sdk-api-v1.singular.net/api/v1/ Frame 0
0 328ms
198ms Preflight 184.24.77.156
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1724948324&event_id=fc0f39fe-5965-47d1-b9cb-52e9ec3bcd64&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=1200&screen_width=1600&sdk=WebSDK-v1.2.8&singular_instance_id=5c8c0b56-564e-4f00-be3e-d0c1be0bdb6f&sdid=f0fd97b1-5e4f-4f1c-9181-9677296e876e&storage_type=local&timezone=GMT%2B0200&touchpoint_timestamp=1724948324&u=f0fd97b1-5e4f-4f1c-9181-9677296e876e&n=__PAGE_VISIT__&is_revenue_event=false&s=81432896-7dc7-42ac-8d5e-518371ea77f6&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Linux&lag=1&h=016f560f6b7f70e71d8bc9a2557d8c3ebd32700d
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.77.156 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a184-24-77-156.deploy.static.akamaitechnologies.com
Software: /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type
Access-Control-Request-Method: POST
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: Content-Type, Content-Length
access-control-allow-methods: POST, GET, OPTIONS
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
content-length: 0
date: Thu, 29 Aug 2024 16:18:45 GMT
expires: Thu, 29 Aug 2024 16:18:45 GMT
pragma: no-cache
vary: Accept-Encoding

GET
H2 200 d8d33592-cf5c-4ae3-ae8f-553657823fbf Show response
ekr.zdassets.com/compose/ 493 B
1 KB 357ms
244ms Fetch
application/json 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://ekr.zdassets.com/compose/d8d33592-cf5c-4ae3-ae8f-553657823fbf

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

364c61321116fcef14c27fa92815862e7a21bf7f9c9a730780110863aecf61f9

Security Headers

Name	Value
Strict-Transport-Security	max-age=0
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
strict-transport-security: max-age=0
x-content-type-options: nosniff
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies: none
content-encoding: br
cdn-cache-control: max-age=60
x-xss-protection: 1; mode=block
x-request-id: 8babf01b5e270600-SEA, 8babf01b5e270600-SEA, 8babf01b5e270600-SEA
x-runtime: 0.011401
referrer-policy: strict-origin-when-cross-origin
server: cloudflare
etag: W/"364c61321116fcef14c27fa92815862e"
x-download-options: noopen
x-frame-options: SAMEORIGIN
access-control-max-age: 7200
access-control-allow-methods: GET, POST, OPTIONS
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=R9T8Rft%2BbnHfF79gXltXNvPRg3fzw%2Bepx6fpF2ziBke%2BXRZppReUHsp9ZfiM5jA%2Bmtvgk4fQ%2Bs%2FHpnlsv0LcayCdNT4LESCxdYnfAETqnMypj4KQcznL6KIqY7o9SygrVjQ%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary: Accept, Origin, Accept-Encoding
cache-control: max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type: application/json; charset=utf-8
x-zendesk-zorg: yes, yes
cf-ray: 8baddbd68fb862f0-HAM

GET
H2 200 controller-with-preconnect-f339690b2694a40d39bc98815dfdb7a8.html
js.stripe.com/v3/ Frame E1D4 0
0 121ms
39ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/controller-with-preconnect-f339690b2694a40d39bc98815dfdb7a8.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

151.101.0.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 59
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=60, stale-while-revalidate=900
content-encoding: br
content-length: 401
content-security-policy: base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:44 GMT
etag: "f339690b2694a40d39bc98815dfdb7a8"
last-modified: Wed, 28 Aug 2024 20:03:05 GMT
origin-agent-cluster: ?1
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 15
x-content-type-options: nosniff
x-request-id: eefc2716-6b25-48b6-b299-dbbebee30a40
x-served-by: cache-fra-etou8220044-FRA

GET
H2 200 recaptcha__de.js Show response
www.gstatic.com/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/ 539 KB
214 KB 133ms
42ms Script
text/javascript 2a00:1450:4001:811::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.gstatic.com/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/recaptcha__de.js

Requested by

Host: www.google.com
URL: https://www.google.com/recaptcha/enterprise.js?render=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:811::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

e368d06d619da2ddbac62f83484f2b207601a2fd8ea86ee0ce8ab30855fe6fa6

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
Origin: https://app.monarchmoney.com
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 26 Aug 2024 19:01:09 GMT
content-encoding: gzip
x-content-type-options: nosniff
age: 249455
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/recaptcha
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 218560
x-xss-protection: 0
last-modified: Mon, 26 Aug 2024 04:00:28 GMT
server: sffe
cross-origin-opener-policy: same-origin-allow-popups; report-to="recaptcha"
vary: Accept-Encoding
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]}
content-type: text/javascript
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
expires: Tue, 26 Aug 2025 19:01:09 GMT

POST
H2 200 act
analytics.tiktok.com/api/v2/pixel/ 0
847 B 166ms
160ms Ping
text/plain 2.18.64.21
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.tiktok.com/api/v2/pixel/act
Requested by: Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTcyODg5NjdlMQ.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2.18.64.21 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a2-18-64-21.deploy.static.akamaitechnologies.com
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

x-akamai-request-id: bccc2cd.6c0d5796
date: Thu, 29 Aug 2024 16:18:44 GMT
x-tt-trace-tag: id=16;cdn-cache=miss;type=dyn
x-tt-trace-id: 00-240829161844CF427E14FF4AAD52E2EF-214B5954D17EF189-00
x-cache: TCP_MISS from a2-20-179-85.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
x-parent-response-time: 108,2.20.179.85
server-timing: cdn-cache; desc=MISS, edge; dur=98, origin; dur=21, inner; dur=18
content-length: 0
pragma: no-cache
server: nginx
x-tt-logid: 20240829161844CF427E14FF4AAD52E2EF
x-cache-remote: TCP_MISS from a104-112-235-198.deploy.akamaitechnologies.com (AkamaiGHost/11.6.2.1-58447958) (-)
access-control-allow-methods: GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin: *
cache-control: max-age=0, no-cache, no-store
x-origin-response-time: 21,104.112.235.198
x-tt-trace-host: 01bebdcd0d5642d80e2bac0bb2240c851fdab281fa46b5b2f3f30fe9095c0bf56e44f5578ea0f0351f157f02139f04dbcb8ecfd419ec49ee06f84412f5a52aa64b0f8179b0b925a450ca8529fcd83ed22683b77699e16d67b3ee835c7991560093829c0b025c878e90fe8121f74c5f8f77
access-control-allow-headers: Authorization,*
expires: Thu, 29 Aug 2024 16:18:44 GMT

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
284 B 663ms
381ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Thu, 29 Aug 2024 16:18:45 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 settings Show response
cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 10 KB
3 KB 180ms
48ms Fetch
application/json 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/settings
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: d9affb9be132f18ddba52f53549dabe8b4a644a4c1b2fe5d76bbd7750275da02

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: UESK49fyxYGmYV4v5O2Wd4kiz5hLX1le
content-encoding: br
via: 1.1 71b147cd3102755b55ba8b6fd34e3f4a.cloudfront.net (CloudFront)
date: Thu, 29 Aug 2024 15:35:17 GMT
x-amz-cf-pop: FRA6-C1
age: 3938
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Thu, 25 Jul 2024 17:24:06 GMT
server: AmazonS3
etag: W/"afcbd98cac05aea061eb2fabf0051edb"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/json; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=10800
vary: Accept-Encoding
x-amz-cf-id: xZok3Z4s5yyoNMd68tyg9PnrzRtEnpZwO7dshBfRLBo_Ih4OKTqMmg==

GET
H2 200 web-widget-main-ef2720a.js Show response
static.zdassets.com/web_widget/classic/latest/ Frame FD5A 972 KB
277 KB 79ms
78ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-main-ef2720a.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

b42c8ffcb966ef0201e5691ebbc67fc87a75a34e1b5dbf6652fc921f6ad6c0c1

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
x-amz-version-id: X7M10bt_4xqB7fQDlrhNXARgZcIaUECF
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: QP6724K0JMBHJ9A6
age: 20170
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: HJ4GbSA+Bvbw2K+mqN4M3KTXlzw7f+rGf6hZLcHB0Ow2FOn7bL3irq6g+60l1/05BKw9serROk2kdn8KSPkGRi4T58Tepp+h
last-modified: Wed, 21 Aug 2024 12:43:21 GMT
server: cloudflare
etag: W/"4455f49055fc0a108a3168cf52bfc1f8"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ifC9CXtIkV1k16Giu3uT6zKxcY03Uee9GirgaDoUaY2kL9Z8ctbjDvlpRSo0uHoSCJRqeQBe8bNFXfOY%2F7%2F%2FNwedBVjn8Vyhprqk%2B1eLVrLEK9%2FJZ9tnzOI%2FBVhPhZN5JruYmTo%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8baddbd82ae762c4-HAM
access-control-allow-headers: *
expires: Thu, 21 Aug 2025 12:43:20 GMT

GET
H3 200 anchor
www.google.com/recaptcha/enterprise/ Frame DEBB 0
0 174ms
84ms Document
text/html 142.250.185.100
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LfQ4tUpAAAAAFa5LWIcYBPtAC2wsirC-CUZvhyy&co=aHR0cHM6Ly9hcHAubW9uYXJjaG1vbmV5LmNvbTo0NDM.&hl=de&v=WV-mUKO4xoWKy9M4ZzRyNrP_&size=invisible&cb=yjeqnt31w6ms

Requested by

Host: www.gstatic.com
URL: https://www.gstatic.com/recaptcha/releases/WV-mUKO4xoWKy9M4ZzRyNrP_/recaptcha__de.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.100 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s49-in-f4.1e100.net

Software

ESF /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	script-src 'report-sample' 'nonce-wncv0GfsYYf4JU7uRRWrZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, no-store, max-age=0, must-revalidate
content-encoding: gzip
content-security-policy: script-src 'report-sample' 'nonce-wncv0GfsYYf4JU7uRRWrZw' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/recaptcha/1
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy-report-only: same-origin; report-to="coop_38fac9d5b82543fc4729580d18ff2d3d"
cross-origin-resource-policy: cross-origin
date: Thu, 29 Aug 2024 16:18:45 GMT
expires: Mon, 01 Jan 1990 00:00:00 GMT
pragma: no-cache
report-to: {"group":"recaptcha","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/recaptcha"}]} {"group":"coop_38fac9d5b82543fc4729580d18ff2d3d","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/38fac9d5b82543fc4729580d18ff2d3d"}]}
server: ESF
x-content-type-options: nosniff
x-xss-protection: 0

GET
H2 200 tsub-middleware.bundle.c0f5511a001f780f591f.js Show response
cdn.segment.com/analytics-next/bundles/ 18 KB
6 KB 129ms
43ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/tsub-middleware.bundle.c0f5511a001f780f591f.js
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 557c67c76c13a84e8b483ee1a0dfdd807399d960909266e7c6a83ddfadca9c81

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 25 Jul 2024 17:48:59 GMT
x-amz-version-id: ot1syIPz_4SEEXctAcFzoJMAfu_hQEig
content-encoding: gzip
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 3018587
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Tue, 23 Jul 2024 22:02:58 GMT
server: AmazonS3
etag: W/"f7b3d2021df83853b191aefa39a74b15"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: 4qDKygHGZObff0DIdM5QdR5zyaZrAtOFa5qspk_cloHDZRN3wVOHKA==

GET
H2 200 sse
streaming.split.io/ 1 KB
0 187ms
53ms EventSource
text/event-stream 2600:9000:223d:2000:6:5671:b9c0:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://streaming.split.io/sse?channels=Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTQ1NzQ3MjE5Mg%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTY3MTQ0NDk2OA%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_splits,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_pri,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_sec&accessToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IkRQVkE3QS44czhnaVEiLCJ0eXAiOiJKV1QifQ.eyJ4LWFibHktY2FwYWJpbGl0eSI6IntcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UUTFOelEzTWpFNU1nPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UWTNNVFEwTkRrMk9BPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X3NwbGl0c1wiOltcInN1YnNjcmliZVwiXSxcImNvbnRyb2xfcHJpXCI6W1wic3Vic2NyaWJlXCIsXCJjaGFubmVsLW1ldGFkYXRhOnB1Ymxpc2hlcnNcIl0sXCJjb250cm9sX3NlY1wiOltcInN1YnNjcmliZVwiLFwiY2hhbm5lbC1tZXRhZGF0YTpwdWJsaXNoZXJzXCJdfSIsIngtYWJseS1jbGllbnRJZCI6ImNsaWVudElkIiwiZXhwIjoxNzI0OTUxOTI1LCJpYXQiOjE3MjQ5NDgzMjV9.P5SmwR2QIUE1TwjOHwZZyrG7lVncA8WIKPeREYxReMg&v=1.1&heartbeats=true
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:223d:2000:6:5671:b9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: /
Resource Hash

Request headers

Accept: text/event-stream
Cache-Control: no-cache
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
via: 1.1 d9523e44e96d2539081596bb1d268d44.cloudfront.net (CloudFront)
x-ably-cluster: production:split
x-amz-cf-pop: FRA56-P3
vary: Origin
x-ably-serverid: frontdoor.83a7.eu-central-1-A.i-0208b155a25ab5dd6.e91K_Xiogc9JTI
content-type: text/event-stream
access-control-allow-origin: https://app.monarchmoney.com
x-cache: Miss from cloudfront
access-control-expose-headers: Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials: true
x-amz-cf-id: 1rKHlpekQWz55N6UiEvVT7SRFvktbCsNrqCpTr-NDMhexGcRQCJnhg==

GET
H2 200 ajs-destination.bundle.ed53a26b6edc80c65d73.js Show response
cdn.segment.com/analytics-next/bundles/ 9 KB
3 KB 42ms
42ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.ed53a26b6edc80c65d73.js
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 24 Jun 2024 20:17:52 GMT
x-amz-version-id: y1rPlIgvelxNE1YxH.dn4iIroP2Pnn0U
content-encoding: br
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 5688053
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 24 Jun 2024 18:40:05 GMT
server: AmazonS3
etag: W/"00e9c65cbba11c07c4bf4a6e2727b8ea"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: hTFYETcvUY6WRZEfYssMSUW6ah3zII4qgY1FUr2om0wrdelDPHtazw==

GET
H2 200 schemaFilter.bundle.5c2661f67b4b71a6d9bd.js Show response
cdn.segment.com/analytics-next/bundles/ 2 KB
1 KB 40ms
40ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Mon, 24 Jun 2024 20:17:54 GMT
x-amz-version-id: fFM2.Q5O21tbOz6I0BWTT24IeUb4pa6L
content-encoding: br
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA6-C1
age: 5688052
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
x-amz-replication-status: COMPLETED
last-modified: Mon, 24 Jun 2024 18:40:05 GMT
server: AmazonS3
etag: W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
vary: Accept-Encoding
x-amz-cf-id: CZD3l4un0S19hcGjkkUbVVMF9HhD76Mvrppu_to2j3hfiOYjL1BThQ==

GET
H2 200 en-us-json-ef2720a.js Show response
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame FD5A 25 KB
6 KB 63ms
63ms Script
application/javascript 104.18.70.113
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-ef2720a.js

Requested by

Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-ef2720a.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e

Security Headers

Name	Value
Strict-Transport-Security	max-age=0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
x-amz-version-id: 837oefYW1VGesUh0eOoR2kPDWFF4n3IN
content-encoding: br
cf-cache-status: HIT
nel: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security: max-age=0
x-amz-request-id: 17BZ1VX200NSB34Y
age: 20166
x-amz-server-side-encryption: AES256
x-amz-replication-status: COMPLETED
x-amz-id-2: 17z6Mst0qclhe3h+HJngVgyzPajGJz1654PL9hACpnjFHzsNzgJMDDuuy7IuY3+giamW9u+nGjw=
last-modified: Wed, 21 Aug 2024 12:43:22 GMT
server: cloudflare
etag: W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary: Accept-Encoding
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=EG9DNK1RwsHLWJtlV1NxkL9gQUSbCre5mwG%2FqgQNQi86D6HoZwqO%2BvDrI6yI6QEJv5e3fg6vq%2BOOaMz4YtvQLKNMZA7u%2F7ty%2FIBn21NSKmfB6Xz%2BpXMHchNGPiezPTHuzcThw0s%3D"}],"group":"cf-nel","max_age":604800}
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
access-control-allow-methods: GET, HEAD
cache-control: public, max-age=31536000
access-control-max-age: 0
cf-ray: 8baddbda9ee962c4-HAM
access-control-allow-headers: *
expires: Thu, 21 Aug 2025 12:43:21 GMT

GET
H2 200 config Show response
monarchmoney.zendesk.com/embeddable/ Frame FD5A 155 B
937 B 393ms
281ms Fetch
application/json 104.16.53.111
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://monarchmoney.zendesk.com/embeddable/config
Requested by: Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-ef2720a.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
content-encoding: br
cf-cache-status: EXPIRED
nel: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server: embeddable-app-server-64bffbc89d-xxndp
x-cached: MISS
x-request-id: 8baddbdb5c83ca9d-FRA
x-runtime: 0.001834
last-modified: Thu, 29 Aug 2024 16:18:45 GMT
server: cloudflare
x-zendesk-zorg: yes
access-control-max-age: 7200
access-control-allow-methods: GET
content-type: application/json; charset=utf-8
access-control-allow-origin: *
report-to: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Mn0m88BKST8qZfnrlz0mrkxQk27Fk2Ol%2BqC14NkcBaxf%2BL4e%2BYoN%2FQ43b6S8kEsQAQohdllbz%2BCTiN35KRXPsG%2BBZsPzM4WU6NUL77HQ4FaHjt4oQmXJu68iFqPomICzmMTizYWl3npfqg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control: public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary: Origin, Accept-Encoding
cf-ray: 8baddbdb5c83ca9d-HAM

OPTIONS
H2 200 splitChanges
features.monarchmoney.com/sdk/api/ Frame 0
0 70ms
70ms Preflight 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=1724890668832

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: */*
Access-Control-Request-Headers: authorization,content-type,splitsdkversion
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods: GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin: https://app.monarchmoney.com
access-control-max-age: 7200
allow: HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status: DYNAMIC
cf-ray: 8baddbdadf58d2ea-FRA
content-length: 37
date: Thu, 29 Aug 2024 16:18:45 GMT
retry-after: 0
server: cloudflare
strict-transport-security: max-age=15770000; includeSubdomains
vary: Cookie
via: 1.1 varnish, 1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
x-amz-cf-id: W6UFaBMf-f0lscFqlH86YhMByspD6eduGdzozSXy8pw0oMv2j_JRpA==
x-amz-cf-pop: AMS58-P5
x-cache: Miss from cloudfront
x-cache-hits: 0
x-served-by: cache-ams2100140-AMS
x-timer: S1724948326.599900,VS0,VE0

GET
H2 200 UNKNOWN Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
441 B 76ms
75ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
strict-transport-security: max-age=15770000; includeSubdomains
via: 1.1 varnish, 1.1 varnish, 1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: AMS58-P5
age: 256779
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230156-FRA
server: cloudflare
x-timer: S1724948326.600452,VS0,VE0
etag: "1000002"
vary: Accept-Encoding,Authorization
trace: cache-iad-kiad7000133-IAD-e4bdf414-3421-4c47-a340-e922355297b0; cache-fra-etou8220054-FRA-c2df6480-a5ed-49f8-8aa2-133c5f78507b
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
content-type: application/json; charset=utf-8
accept-ranges: bytes
cf-ray: 8baddbdadf38d2ea-FRA
x-amz-cf-id: euN4ZfEJZ6unNc_t7CSi6LrdIO7Ccb07O2_F1ZsEMQLhk8-n-zAiiA==
x-cache-hits: 63, 5

GET
H2 200 7a5cf301-8d96-4456-89fb-9a2639bff4bc Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
0 0ms
0ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/mySegments/7a5cf301-8d96-4456-89fb-9a2639bff4bc
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
age: 0
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kjyo7100106-IAD, cache-fra-eddf8230021-FRA
server: cloudflare
x-timer: S1724948324.250495,VS0,VE97
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100106-IAD-8a91c343-8cd4-4851-9d7f-f1ec47203c8b; cache-fra-eddf8230021-FRA-43b9f89c-39c9-4ecc-b5f1-06f208dbde93
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbd23abed2ea-FRA
x-amz-cf-id: 3SDdy_skSHRqvU323AqMbRpMujHs6-5PX4JZrodPgWOKZEwTK1LIOw==
x-cache-hits: 0, 0

GET
H2 200 splitChanges Show response
features.monarchmoney.com/sdk/api/ 56 B
538 B 60ms
59ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/splitChanges?since=1724890668832

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c608b36bc0943c2322757654e2b026aba96a6ba921aa931c728fd748fc6a7018

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
strict-transport-security: max-age=15770000; includeSubdomains
content-encoding: gzip
cf-cache-status: DYNAMIC
via: 1.1 varnish, 1.1 varnish, 1.1 ef04b5bd9d63162000acde84eaab4f9a.cloudfront.net (CloudFront)
x-amz-cf-pop: AMS58-P5
x-cache: Hit from cloudfront
content-length: 64
x-served-by: cache-iad-kiad7000066-IAD, cache-fra-eddf8230141-FRA
last-modified: Thu, 29 Aug 2024 00:17:48 GMT
server: cloudflare
x-timer: S1724948325.082046,VS0,VE3
etag: "1724890668832"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kcgs7200142-IAD-34e75d36-dbea-4ba3-be41-9fa15ca27a3a; cache-fra-eddf8230156-FRA-831c132b-1847-4e38-9783-644cde537786
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbdb58c7d2ea-FRA
x-amz-cf-id: xUku9OZ_sXpZNwQgsgqw9CRcku8q9XYjJ6As-S0NOlxSjMxSiIQs2w==
x-cache-hits: 16, 0

GET
H2 200 google-analytics.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/ 16 KB
5 KB 42ms
42ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 01:18:46 GMT
content-encoding: gzip
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-version-id: RuSoXd63GDprOkfUx43E0yJR.wEvWAQk
x-amz-cf-pop: FRA6-C1
age: 831600
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 4743
last-modified: Thu, 08 Aug 2024 06:57:15 GMT
server: AmazonS3
etag: "6a3ed21f9b6777c0c37e6e248ea22387"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: u_IOgEpbprcirSqEpBGyBVoIwCH7BsNae6U9ags4Cd_0NYRDRYu29A==

GET
H2 200 facebook-pixel.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 10 KB
4 KB 45ms
45ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 23:05:46 GMT
content-encoding: gzip
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-version-id: cuitFtVByPnpmGgtaJu0tUis3_ZXBX9n
x-amz-cf-pop: FRA6-C1
age: 753180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 3273
last-modified: Thu, 08 Aug 2024 06:57:15 GMT
server: AmazonS3
etag: "a7cd49c834a0851140e3304c91cb34d0"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: oGh8LLUuKiEy5jXqNs7CBiQavmkEVXhR9zEpmmJCxPvKRfR_U8yPcQ==

GET
H2 200 adwords.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 4 KB
2 KB 57ms
57ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 20de2de93c034f0e1ed81727065936b52b3bedb10a612cc28afea038c740ef2f

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sat, 27 Jul 2024 21:14:24 GMT
content-encoding: gzip
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-version-id: 7vkqclv0v7ecqw42WAvkgxG2mh5ifLIy
x-amz-cf-pop: FRA6-C1
age: 2833462
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1356
last-modified: Mon, 03 Jun 2024 14:40:12 GMT
server: AmazonS3
etag: "f6246f378e8c1ade9a26d83796683c03"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: e-dmC3CtWjXLUfkxa9Y0AR8HpjLp2tF-zG5HiQ-JpAWCpXk57bU1Nw==

GET
H2 200 bing-ads.dynamic.js.gz Show response
cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/ 2 KB
2 KB 59ms
59ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/bing-ads.dynamic.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: e91bd6d37a2d6c0a38558cfe458338d7f0437252d5d4e3ebfffa5d2ba8e5aaa2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 20 Aug 2024 23:05:46 GMT
content-encoding: gzip
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-version-id: FoTET4_68HQpVRKQ1li1OZXu7277KolH
x-amz-cf-pop: FRA6-C1
age: 753180
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 1135
last-modified: Thu, 08 Aug 2024 06:57:14 GMT
server: AmazonS3
etag: "3900da1d5e6e2ce7174a0f56f77b7b5b"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: IVYp3Xd7MPH_DyafYXoCQNRrzNBBnvJvkBWBRiUvJzuCi-oPM6sehQ==

POST
H2 200 p Show response
events-api.monarchmoney.com/v1/ 21 B
334 B 736ms
606ms Fetch
application/json 2600:9000:26e8:0:d:cf84:bb40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events-api.monarchmoney.com/v1/p

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26e8:0:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 29 Aug 2024 16:18:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 e3d6f049badd72a460740c783d33cfa4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
content-length: 21
x-amz-cf-id: WNsV9Kc3ZomUslejI8vkkgU7_WXbPTsqFyVGs_xlPWTWAHQ_HPWCdQ==

POST
H2 200 p Show response
events-api.monarchmoney.com/v1/ 21 B
333 B 735ms
608ms Fetch
application/json 2600:9000:26e8:0:d:cf84:bb40:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://events-api.monarchmoney.com/v1/p

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2600:9000:26e8:0:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

Software

Resource Hash

12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: text/plain

Response headers

date: Thu, 29 Aug 2024 16:18:46 GMT
strict-transport-security: max-age=31536000
via: 1.1 e3d6f049badd72a460740c783d33cfa4.cloudfront.net (CloudFront)
x-amz-cf-pop: FRA56-P10
vary: Origin
x-cache: Miss from cloudfront
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
content-length: 21
x-amz-cf-id: pR0ncvDWXfRdIdvU_gzWuXiZ8JmXLLDb9vo2UkVBlNn8p7PNkR8amg==

GET
H2 200 commons.a61d7bea37d2de5d4b69.js.gz Show response
cdn.segment.com/next-integrations/integrations/vendor/ 70 KB
22 KB 63ms
63ms Script
application/javascript 99.86.8.175
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz
Requested by: Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-99-86-8-175.fra6.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 27 Aug 2024 07:24:19 GMT
content-encoding: gzip
via: 1.1 c6b364b1181abfafd7a69f210841edca.cloudfront.net (CloudFront)
x-amz-version-id: aAixXKmCEkR1rfYrRzV2.EPYhnGmH0W2
x-amz-cf-pop: FRA6-C1
age: 204867
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-length: 21911
last-modified: Thu, 08 Aug 2024 06:57:13 GMT
server: AmazonS3
etag: "c467a63b2e7c3a99be423ace649014d8"
access-control-max-age: 3000
access-control-allow-methods: GET, HEAD
content-type: application/javascript
access-control-allow-origin: *
cache-control: public,max-age=31536000,immutable
accept-ranges: bytes
x-amz-cf-id: 4i_5xuZs4RsD5yRdlDepshVi3z71QXsU1v2VSHBWNi6dGwLMPBfMXQ==

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 133ms
40ms Script
text/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 29 Aug 2024 15:20:02 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 3523
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 29 Aug 2024 17:20:02 GMT

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 90ms
41ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 29 Aug 2024 16:18:45 GMT
document-policy: force-load-at-top
x-fb-server-load: 66
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58936
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=40, rtx=0, c=23, mss=1232, tbw=4288, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: HJYkVX5f56WN0uPvtKGl7ypAn9aP5/WdhjOaXualgS7/SRyXotch3R9kG+VVbDbCc4AyRWvLwADUPiOZ9ZLbnA==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H3 200 conversion_async.js Show response
www.googleadservices.com/pagead/ 54 KB
19 KB 118ms
53ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion_async.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

7fcc1c4585b953a2e081b58de27f1fc802056c2d99e9b9fe7afa57b128f1670c

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
content-encoding: br
x-content-type-options: nosniff
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 19781
x-xss-protection: 0
server: cafe
etag: 7861682774813657514
vary: Accept-Encoding
content-type: text/javascript; charset=UTF-8
cache-control: private, max-age=3600
timing-allow-origin: *
expires: Thu, 29 Aug 2024 16:18:45 GMT

GET
H2 200 bat.js Show response
bat.bing.com/ 49 KB
14 KB 195ms
63ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/bat.js

Requested by

Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.a61d7bea37d2de5d4b69.js.gz

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: gzip
date: Thu, 29 Aug 2024 16:18:45 GMT
last-modified: Sat, 13 Jul 2024 20:42:16 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 6E13049BDEA44CDEA7F4448F7D19BA12 Ref B: FRA31EDGE0713 Ref C: 2024-08-29T16:18:45Z
etag: "044982565d5da1:0"
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript
cache-control: private,max-age=1800
accept-ranges: bytes
content-length: 14183

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/AW-794001205/ 5 KB
2 KB 51ms
51ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1724948325845&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

1b3035d983b643a29b2cf6d0bad88c0b581ce39a8fe56f06e40072390df0ae6b

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2373
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 / Show response
www.googleadservices.com/pagead/conversion/AW-794001205/ 5 KB
2 KB 54ms
54ms Script
text/javascript 142.250.185.130
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1724948325850&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&rfmt=3&fmt=4

Requested by

Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.185.130 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s50-in-f2.1e100.net

Software

cafe /

Resource Hash

17a3813901dc29aa299fcb7380d0bf57dec68b750b7bc7f81354b8587e8deb07

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:45 GMT
content-encoding: br
x-content-type-options: nosniff
server: cafe
content-type: text/javascript; charset=UTF-8
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, must-revalidate
cross-origin-resource-policy: cross-origin
content-disposition: attachment; filename="f.txt"
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 2407
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 2173781372941566 Show response
connect.facebook.net/signals/config/ 64 KB
13 KB 267ms
267ms Script
application/x-javascript 157.240.251.9
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/2173781372941566?v=2.9.166&r=stable&domain=app.monarchmoney.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.251.9 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-fra5.fbcdn.net

Software

Resource Hash

36cd52b6ae5741ac32cfe5a9b467c31b06f59d2f05ec290496adcf39e503317e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 29 Aug 2024 16:18:46 GMT
document-policy: force-load-at-top
x-fb-server-load: 67
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: EXCELLENT; q=0.9, rtt=39, rtx=0, c=74, mss=1232, tbw=66958, tp=63, tpl=0, uplat=227, ullat=0
pragma: public
x-fb-debug: qb5mqkItBvxrmC5fdUGXrmZefY4GQjaeN2BPILL3zwrS95hmfMDWtOvfPb8cDs/w4ZNOHo4A3GUHEf2j2o6NnQ==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 js Show response
www.google-analytics.com/gtm/ 180 KB
65 KB 53ms
53ms Script
application/javascript 2a00:1450:4001:813::200e
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/gtm/js?id=OPT-WL3C999&cid=1916011807.1724948326

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

9176ad8ed8c803462002a7ff6655599d653ab46e6e1ea226640ac6ee3e444689

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 66559
x-xss-protection: 0
last-modified: Thu, 29 Aug 2024 15:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 29 Aug 2024 16:18:45 GMT

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
284 B 139ms
136ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Thu, 29 Aug 2024 16:18:45 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H2 200 137022621.js Show response
bat.bing.com/p/action/ 4 KB
2 KB 66ms
64ms Script
application/javascript 2620:1ec:33:1::10
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://bat.bing.com/p/action/137022621.js

Requested by

Host: bat.bing.com
URL: https://bat.bing.com/bat.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

2620:1ec:33:1::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Resource Hash

f9d2f93765355bf880f064950477035849e2bbf673e159d2074f5f3ec273a86c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=31536000; includeSubDomains; preload
content-encoding: br
date: Thu, 29 Aug 2024 16:18:45 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: EBB17E290D8E47048CCFA0C9DDEA9F4D Ref B: FRA31EDGE0713 Ref C: 2024-08-29T16:18:45Z
vary: Accept-Encoding
x-cache: CONFIG_NOCACHE
content-type: application/javascript; charset=utf-8
cache-control: private,max-age=60

GET
H3

200

/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&...
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_h...
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_hi...

42 B
64 B

105ms
59ms

Image
image/gif

142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIjO7goc2aiAMVbwN1AR2EHhnNMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfy2DJpCZ_6VsUWrFFQtWvVYgMUwpeDQ&random=2765703293&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/AW-794001205/?random=989115636&cv=9&fst=1724948325845&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECShV0cmlnZ2VyLCBldmVudC1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIjO7goc2aiAMVbwN1AR2EHhnNMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfy2DJpCZ_6VsUWrFFQtWvVYgMUwpeDQ&random=2765703293&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3

200

/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain

https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h...
https://www.google.com/pagead/1p-conversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1...
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=12...

42 B
64 B

108ms
58ms

Image
image/gif

142.250.181.227
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIqfPgoc2aiAMVE5P9Bx0SfAZBMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfeb1LONyF8Msh9QdLfSNnQhQZhOMlWQ&random=1158581619&resp=GooglemKTybQhCsO&ipr=y

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Fdashboard

Protocol

Server

142.250.181.227 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

fra16s56-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
Content-Security-Policy	script-src 'none'; object-src 'none'
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma: no-cache
date: Thu, 29 Aug 2024 16:18:46 GMT
content-security-policy: script-src 'none'; object-src 'none'
x-content-type-options: nosniff
server: cafe
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location: https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1770882808&cv=9&fst=1724948325850&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=1200&u_w=1600&u_ah=1200&u_aw=1600&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Fdashboard&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=&uab=&uam=&uap=&uapv=&uaw=0&uafvl=&async=1&fmt=3&ct_cookie_present=false&crd=CLHBsQIIsMGxAgi5wbECSid0cmlnZ2VyLCBldmVudC1zb3VyY2U9bmF2aWdhdGlvbi1zb3VyY2VaAwoBAWIECgICAw&pscrd=IhMIqfPgoc2aiAMVE5P9Bx0SfAZBMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAsyAggVMgIIHzICCBMyAggS&is_vtc=1&cid=CAQSGwDpaXnfeb1LONyF8Msh9QdLfSNnQhQZhOMlWQ&random=1158581619&resp=GooglemKTybQhCsO&ipr=y
content-type: image/gif
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 137022621 Show response
www.clarity.ms/tag/uet/ 680 B
934 B 283ms
283ms Script
application/x-javascript 2620:1ec:29:1::44
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/uet/137022621
Requested by: Host: bat.bing.com
URL: https://bat.bing.com/p/action/137022621.js
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:29:1::44 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 5e2a2178f1f8133e9fc97a9aa062e8b010130d8d74469ab85dc639b582680039

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:bdfb7149-d2ee-45f0-9a22-f0b1c5035608
date: Thu, 29 Aug 2024 16:18:46 GMT
x-azure-ref: 20240829T161845Z-15db8b67977nvb42gef6240rdn000000074g00000000578b
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 680
expires: -1

GET
H/1.1 200
OK config Show response
api.sprig.com/sdk/1/environments/jhOvgs1si6/ 996 B
1 KB 153ms
152ms Fetch
application/json 3.228.185.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.228.185.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-228-185-195.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash: d86abc5dfa7f11003c811cef84eb8d740b10a7f97f89e7dd29945a1455103c43

Request headers

x-ul-visitor-id: 36f7faba-8e87-4e87-8998-00ed0ebf2cd6
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json
x-ul-installation-method: web-snippet
Referer
sprig-modules: replay
x-ul-sdk-version: 2.31.1
x-ul-environment-id: jhOvgs1si6
userleap-platform: web

Response headers

date: Thu, 29 Aug 2024 16:18:46 GMT
server: istio-envoy
etag: W/"3e4-wUbaibaetVAhzjk2CYQ5/Lk6PH8"
vary: Accept-Encoding
content-type: application/json; charset=utf-8
access-control-allow-origin: *
x-envoy-upstream-service-time: 11
timing-allow-origin: https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
content-length: 996

OPTIONS
H/1.1 204
No Content config
api.sprig.com/sdk/1/environments/jhOvgs1si6/ Frame 0
0 441ms
194ms Preflight 3.228.185.195
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 3.228.185.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-3-228-185-195.compute-1.amazonaws.com
Software: istio-envoy /
Resource Hash

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,sprig-modules,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
Access-Control-Request-Method: GET
Origin: https://app.monarchmoney.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-headers: content-type,sprig-modules,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
access-control-allow-methods: GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin: *
date: Thu, 29 Aug 2024 16:18:46 GMT
server: istio-envoy
timing-allow-origin: https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
vary: Access-Control-Request-Headers
x-envoy-upstream-service-time: 7

GET
H2 200 favicon.ico
app.monarchmoney.com/ 15 KB
8 KB 353ms
352ms Other
image/x-icon 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://app.monarchmoney.com/favicon.ico

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

f8f2538e22c79cb7dc4e0f946da89f14dde3c6fc8ed7e74ef32674f596e5e633

Security Headers

Name	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Thu, 29 Aug 2024 16:18:46 GMT
content-security-policy: upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com content.moneydesktop.com https://cdn.spinwheel.io *.cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com *.browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; includeSubDomains
nel: {"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies: none
cf-cache-status: REVALIDATED
via: 1.1 vegur
x-dns-prefetch-control: off
content-encoding: br
x-xss-protection: 0
reporting-endpoints: heroku-nel=https://nel.heroku.com/reports?ts=1724922934&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=4BeYMRbYAx7e1EPrCB%2BH8qiklzBN231OulmpwiIEOo4%3D
referrer-policy: no-referrer
last-modified: Thu, 29 Aug 2024 00:04:31 GMT
server: cloudflare
etag: W/"3c2e-1919b72b298"
expect-ct: max-age=0
x-frame-options: SAMEORIGIN
report-to: {"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1724922934&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=4BeYMRbYAx7e1EPrCB%2BH8qiklzBN231OulmpwiIEOo4%3D"}]}
content-type: image/x-icon
vary: Accept-Encoding
x-download-options: noopen
cache-control: public, max-age=14400
cf-ray: 8baddbdfcb259202-FRA

POST
H3 200 ingest Show response
pixels.spotify.com/v1/ 52 B
100 B 58ms
56ms Fetch
application/json 35.186.224.24
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://pixels.spotify.com/v1/ingest

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

QUIC, , AES_128_GCM

Server

35.186.224.24 Kansas City, United States, ASN15169 (GOOGLE, US),

Reverse DNS

24.224.186.35.bc.googleusercontent.com

Software

envoy /

Resource Hash

af626b854a946518a3a3c508ee9824e78ae985c5cda705c1d2a3fdaafe2254c0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff

Request headers

Accept: application/json
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:47 GMT
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
content-encoding: gzip
grpc-status: 0
server: envoy
via: HTTP/2 edgeproxy, 1.1 google
grpc-encoding: identity
vary: Accept-Encoding
content-type: application/json
access-control-allow-origin: https://app.monarchmoney.com
x-envoy-upstream-service-time: 2
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
grpc-accept-encoding: gzip,x-snappy-framed

POST
H/1.1 204
No Content collect Show response
w.clarity.ms/ 0
284 B 146ms
145ms XHR
text/plain 23.96.124.156
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://w.clarity.ms/collect
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_256_GCM
Server: 23.96.124.156 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: nginx /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept: application/x-clarity-gzip
Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Access-Control-Allow-Origin: https://app.monarchmoney.com
Date: Thu, 29 Aug 2024 16:18:48 GMT
Access-Control-Allow-Credentials: true
Server: nginx
Connection: keep-alive
Vary: Origin
Request-Context: appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12

GET
H3 200 m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame B142 0
0 41ms
40ms Document
text/html 151.101.0.176
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html

Requested by

Host: js.stripe.com
URL: https://js.stripe.com/v3

Protocol

Security

QUIC, , AES_256_GCM

Server

151.101.0.176 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

Fastly /

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security	max-age=31556926; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges: bytes
access-control-allow-origin: *
age: 2555441
alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
cache-control: max-age=31536000
content-encoding: br
content-length: 154
content-security-policy: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only: base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type: text/html; charset=utf-8
date: Thu, 29 Aug 2024 16:18:49 GMT
etag: "3437aaddcdf6922d623e172c2d6f9278"
last-modified: Fri, 11 Nov 2022 20:25:37 GMT
server: Fastly
strict-transport-security: max-age=31556926; includeSubDomains; preload
timing-allow-origin: *
vary: Accept-Encoding
via: 1.1 varnish
x-cache: HIT
x-cache-hits: 90822
x-content-type-options: nosniff
x-request-id: 6159ef89-5222-4af9-89ce-b4ca0f44fef3
x-served-by: cache-fra-etou8220104-FRA

GET
H2 200 UNKNOWN Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
207 B 77ms
74ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN

Requested by

Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Security Headers

Name	Value
Strict-Transport-Security	max-age=15770000; includeSubdomains

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:50 GMT
strict-transport-security: max-age=15770000; includeSubdomains
via: 1.1 varnish, 1.1 varnish, 1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
content-encoding: gzip
x-amz-cf-pop: AMS58-P5
age: 256784
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kiad7000133-IAD, cache-fra-eddf8230088-FRA
server: cloudflare
x-timer: S1724948330.277043,VS0,VE0
etag: "1000002"
vary: Accept-Encoding,Authorization
trace: cache-iad-kiad7000133-IAD-e4bdf414-3421-4c47-a340-e922355297b0; cache-fra-etou8220054-FRA-c2df6480-a5ed-49f8-8aa2-133c5f78507b
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
content-type: application/json; charset=utf-8
accept-ranges: bytes
cf-ray: 8baddbf81c3ed2ea-FRA
x-amz-cf-id: TrwQnIwuAxO70ku21ixHWszaHosj0_T8ga1nfXcNMrRPg61jZe8WIg==
x-cache-hits: 63, 12

GET
H2 200 7a5cf301-8d96-4456-89fb-9a2639bff4bc Show response
features.monarchmoney.com/sdk/api/mySegments/ 17 B
0 0ms
0ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/mySegments/7a5cf301-8d96-4456-89fb-9a2639bff4bc
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: 2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:44 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 039ee779486557ccf22d128d6266e00e.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
age: 0
x-cache: Miss from cloudfront
content-length: 41
x-served-by: cache-iad-kjyo7100106-IAD, cache-fra-eddf8230021-FRA
server: cloudflare
x-timer: S1724948324.250495,VS0,VE97
etag: "1000002"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kjyo7100106-IAD-8a91c343-8cd4-4851-9d7f-f1ec47203c8b; cache-fra-eddf8230021-FRA-43b9f89c-39c9-4ecc-b5f1-06f208dbde93
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbd23abed2ea-FRA
x-amz-cf-id: 3SDdy_skSHRqvU323AqMbRpMujHs6-5PX4JZrodPgWOKZEwTK1LIOw==
x-cache-hits: 0, 0

GET
H2 200 splitChanges Show response
features.monarchmoney.com/sdk/api/ 56 B
0 2ms
2ms Fetch
application/json 2606:4700:10::6816:3d79
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL: https://features.monarchmoney.com/sdk/api/splitChanges?since=1724890668832
Requested by: Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/311.143af247.js
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software: cloudflare /
Resource Hash: c608b36bc0943c2322757654e2b026aba96a6ba921aa931c728fd748fc6a7018

Request headers

Accept: application/json
Referer
SplitSDKVersion: react-1.2.6
Authorization: Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/json

Response headers

date: Thu, 29 Aug 2024 16:18:45 GMT
content-encoding: gzip
via: 1.1 varnish, 1.1 varnish, 1.1 ef04b5bd9d63162000acde84eaab4f9a.cloudfront.net (CloudFront)
cf-cache-status: DYNAMIC
x-amz-cf-pop: AMS58-P5
x-cache: Hit from cloudfront
content-length: 64
x-served-by: cache-iad-kiad7000066-IAD, cache-fra-eddf8230141-FRA
last-modified: Thu, 29 Aug 2024 00:17:48 GMT
server: cloudflare
x-timer: S1724948325.082046,VS0,VE3
etag: "1724890668832"
vary: Accept-Encoding,Authorization
content-type: application/json; charset=utf-8
trace: cache-iad-kcgs7200142-IAD-34e75d36-dbea-4ba3-be41-9fa15ca27a3a; cache-fra-eddf8230156-FRA-831c132b-1847-4e38-9783-644cde537786
access-control-allow-origin: *
access-control-expose-headers: Access-Control-Allow-Origin,X-Request-Id
cache-control: no-transform, max-age=60, s-maxage=60
accept-ranges: bytes
cf-ray: 8baddbdb58c7d2ea-FRA
x-amz-cf-id: xUku9OZ_sXpZNwQgsgqw9CRcku8q9XYjJ6As-S0NOlxSjMxSiIQs2w==
x-cache-hits: 16, 0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Domain: api.monarchmoney.com
URL: https://api.monarchmoney.com/graphql

Verdicts & Comments Add Verdict or Comment

95 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

16 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.monarchmoney.com/	1970-01-21 01:18:44	Name: _rdt_uuid Value: 1724948322296.fc6b3cb3-5c8f-4f83-a38e-9996a69ae265
app.monarchmoney.com/	1970-01-21 07:54:44	Name: __spdt Value: 06a93783d35b4ba080cedab4eb7fd819
.tiktok.com/	1970-01-21 08:30:44	Name: _ttp Value: 2lL97ZOn85qkwASktm6sE0JQ6TI
.twitter.com/	1970-01-21 08:45:08	Name: guest_id_marketing Value: v1%3A172494832241137190
.twitter.com/	1970-01-21 08:45:08	Name: guest_id_ads Value: v1%3A172494832241137190
.twitter.com/	1970-01-21 08:45:08	Name: personalization_id Value: "v1_QDVpNCS+kszJR7+CwCqZrQ=="
.twitter.com/	1970-01-21 08:45:08	Name: guest_id Value: v1%3A172494832241137190
.t.co/	1970-01-21 08:45:08	Name: muc_ads Value: c1f6789e-7f72-4bad-9556-5f7b4e7ffc3a
.monarchmoney.com/	1970-01-21 08:30:44	Name: _tt_enable_cookie Value: 1
.monarchmoney.com/	1970-01-21 08:30:44	Name: _ttp Value: 4vnpBxGFjTTipUjS3HznjUoHhVb
app.monarchmoney.com/	1969-12-31 23:59:59	Name: ajs_anonymous_id Value: 7a5cf301-8d96-4456-89fb-9a2639bff4bc
.monarchmoney.com/	1970-01-21 07:54:44	Name: singular_device_id Value: f0fd97b1-5e4f-4f1c-9181-9677296e876e
.monarchmoney.com/	1970-01-21 07:54:44	Name: ajs_anonymous_id Value: 7a5cf301-8d96-4456-89fb-9a2639bff4bc
.monarchmoney.com/	1970-01-21 08:45:08	Name: _ga Value: GA1.2.1916011807.1724948326
.monarchmoney.com/	1970-01-20 23:10:34	Name: _gid Value: GA1.2.1593334165.1724948326
.doubleclick.net/	1970-01-20 23:09:09	Name: test_cookie Value: CheckForPermission

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	upgrade-insecure-requests;default-src 'self' .plaid.com .finicity.com .mx.com .stripe.com .cloudinary.com;frame-ancestors 'self' www.reddit.com .finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' .monarchmoney.com .monarchmoneystaging.com .redditstatic.com .googleadservices.com .ads-twitter.com .plaid.com .finicity.com .mx.com .gstatic.com analytics.tiktok.com .byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://.doubleclick.net https://stats.g.doubleclick.net https://.google.com https://.google.com.br https://.googlesyndication.com https://.googletagservices.com https://.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://.sentry.io edge.fullstory.com .fullstory.com www.clarity.ms .clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/ https://cdn.spinwheel.io;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com .google.com https://www.gstatic.com www.gstatic.com .gstatic.com .bing.com;object-src .googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com .stripe.com .stripe.network .google.com .doubleclick.net .googlesyndication.com .facebook.com connect.facebook.net sdx.microsoft.com .plaid.com .finicity.com .moneydesktop.com .mx.com .youtube.com https://app.usefini.com/ https://sandbox-dim.spinwheel.io https://dim.spinwheel.io;child-src 'self' data: .google.com .doubleclick.net .googlesyndication.com www.googleadservices.com .facebook.com connect.facebook.net;img-src 'self' data: blob: .stripe.com www.googleadservices.com .googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com .googletagmanager.com www.googletagmanager.com .google-analytics.com https://www.google.com analytics.google.com .doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net .doubleclick.net https://stats.g.doubleclick.net .facebook.com .facebook.net https://connect.facebook.net .fbcdn.net .bing.com .microsoft.com .clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com .redditstatic.com .reddit.com .ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com .googleusercontent.com .gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com .tiktok.com .byspotify.com .google.com .google.ad .google.ae .google.com.af .google.com.ag .google.com.ai .google.al .google.am .google.co.ao .google.com.ar .google.as .google.at .google.com.au .google.az .google.ba .google.com.bd .google.be .google.bf .google.bg .google.com.bh .google.bi .google.bj .google.com.bn .google.com.bo .google.com.br .google.bs .google.bt .google.co.bw .google.by .google.com.bz .google.ca .google.cd .google.cf .google.cg .google.ch .google.ci .google.co.ck .google.cl .google.cm .google.cn .google.com.co .google.co.cr .google.com.cu .google.cv .google.com.cy .google.cz .google.de .google.dj .google.dk .google.dm .google.com.do .google.dz .google.com.ec .google.ee .google.com.eg .google.es .google.com.et .google.fi .google.com.fj .google.fm .google.fr .google.ga .google.ge .google.gg .google.com.gh .google.com.gi .google.gl .google.gm .google.gr .google.com.gt .google.gy .google.com.hk .google.hn .google.hr .google.ht .google.hu .google.co.id .google.ie .google.co.il .google.im .google.co.in .google.iq .google.is .google.it .google.je .google.com.jm .google.jo .google.co.jp .google.co.ke .google.com.kh .google.ki .google.kg .google.co.kr .google.com.kw .google.kz .google.la .google.com.lb .google.li .google.lk .google.co.ls .google.lt .google.lu .google.lv .google.com.ly .google.co.ma .google.md .google.me .google.mg .google.mk .google.ml .google.com.mm .google.mn .google.ms .google.com.mt .google.mu .google.mv .google.mw .google.com.mx .google.com.my .google.co.mz .google.com.na .google.com.ng .google.com.ni .google.ne .google.nl .google.no .google.com.np .google.nr .google.nu .google.co.nz .google.com.om .google.com.pa .google.com.pe .google.com.pg .google.com.ph .google.com.pk .google.pl .google.pn .google.com.pr .google.ps .google.pt .google.com.py .google.com.qa .google.ro .google.ru .google.rw .google.com.sa .google.com.sb .google.sc .google.se .google.com.sg .google.sh .google.si .google.sk .google.com.sl .google.sn .google.so .google.sm .google.sr .google.st .google.com.sv .google.td .google.tg .google.co.th .google.com.tj .google.tl .google.tm .google.tn .google.to .google.com.tr .google.tt .google.com.tw .google.co.tz .google.com.ua .google.co.ug .google.co.uk .google.com.uy .google.co.uz .google.com.vc .google.co.ve .google.vg .google.co.vi .google.com.vn .google.vu .google.ws .google.rs .google.co.za .google.co.zm .google.co.zw .google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com api.monarchmoney.com t.co googleads.g.doubleclick.net .facebook.com https://storage.googleapis.com/fini-widget/ .attribution.adswizz.com https://.attribution.adswizz.com https://pixel.tapad.com https://.tapad.com content.moneydesktop.com https://cdn.spinwheel.io .cloudfront.net;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com .byspotify.com .zendesk.com https://api.segment.io .segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net .stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com .doubleclick.net .google.com .googlesyndication.com www.googletagservices.com .facebook.com connect.facebook.net .bing.com wss://.bing.com .clarity.ms sentry.io .sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com prod-carpintero-branding.s3.us-west-2.amazonaws.com reddit.com .reddit.com .ads-twitter.com cdn.sprig.com cdn.segment.com .browser-intake-datadoghq.com https://rum.browser-intake-datadoghq.com https://browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/ https://status.monarchmoney.com browser-intake-datadoghq.com pixels.spotify.com;manifest-src 'self';base-uri 'self';form-action 'self' .google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security	max-age=15552000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
alb.reddit.com
analytics.tiktok.com
analytics.twitter.com
api.monarchmoney.com
api.sprig.com
app.monarchmoney.com
appleid.cdn-apple.com
bat.bing.com
cdn.plaid.com
cdn.segment.com
cdn.userleap.com
connect.facebook.net
ekr.zdassets.com
events-api.monarchmoney.com
events-cdn.monarchmoney.com
features.monarchmoney.com
googleads.g.doubleclick.net
js.stripe.com
monarchmoney.zendesk.com
pixel-config.reddit.com
pixel.byspotify.com
pixels.spotify.com
sdk-api-v1.singular.net
sentry.io
static.ads-twitter.com
static.zdassets.com
status.monarchmoney.com
streaming.split.io
t.co
w.clarity.ms
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.gstatic.com
www.redditstatic.com
api.monarchmoney.com
104.16.53.111
104.18.70.113
104.244.42.3
13.32.121.112
142.250.181.227
142.250.185.100
142.250.185.130
142.250.186.98
146.75.120.157
151.101.0.176
151.101.1.140
151.101.65.140
157.240.251.9
184.24.77.156
184.30.208.159
2.18.64.21
23.96.124.156
2600:1901:1:7c5::
2600:9000:223d:1000:9:a6e8:8080:93a1
2600:9000:223d:2000:6:5671:b9c0:93a1
2600:9000:26e8:0:d:cf84:bb40:93a1
2606:4700:10::6816:3d79
2620:1ec:29:1::44
2620:1ec:33:1::10
2a00:1450:4001:811::2003
2a00:1450:4001:813::200e
2a00:1450:400c:c07::54
2a04:4e42:400::396
3.228.185.195
34.117.162.98
35.186.224.24
35.186.247.156
52.222.214.43
54.240.174.7
93.184.221.165
99.86.8.175
0c4a7f42428d3c734e2f46390af364677dfa47d99e69b22c56a03e8bd3fd4c14
0fbc5275b0cd92710596a74b8a192fc0d38b039ba616ada871fa761e8aa53542
129151ed0140041b198ce3b364a11861a3b5baa5bb60475ebf7bedb9b0fc94d6
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
139a08fdf4870239ba6acfc2f470d1359d5c445f2590bdd7edbc01ed619a30bb
17a3813901dc29aa299fcb7380d0bf57dec68b750b7bc7f81354b8587e8deb07
1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d
1b3035d983b643a29b2cf6d0bad88c0b581ce39a8fe56f06e40072390df0ae6b
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
20de2de93c034f0e1ed81727065936b52b3bedb10a612cc28afea038c740ef2f
244d56ceae3f2752b26cbe829087d576d715275e60fe3efb58083652272255c0
264532af47b2cfb6620970592478c442a0cd429beccead9d062ff5a91284dc15
265ac7549793e4b9d51f8ab19acc8518770ace94078790776b3ac34eb47e1bbd
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
364c61321116fcef14c27fa92815862e7a21bf7f9c9a730780110863aecf61f9
36cd52b6ae5741ac32cfe5a9b467c31b06f59d2f05ec290496adcf39e503317e
390ef43c0b5dbc582e5739b1d396f223472ab9975bd1213561bae3441a0b745d
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
42e2dd427dd9f9d45367c880c68289114b7de56373ff8bdc664ea0fa3ce77880
43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5
45da241a91c843b268ada7481cdece1aa679f2720931effea28d83e1398d66a9
4668b42c8c5e63f3aa1987896ce3aedc2c13a44c1fc6eb2d115ffca2cfc3a611
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
4df53644d1c9fd651ccfd697977eb07d94cd744b0a4997568d67cc25ef44e483
50a98b0680aaaaa9407001661f18904e29d76402c3da7ad64246413886fc64b3
54ae42560c522ac01e50987d61ab619b919f6bc82f37879d750bafb4640c7de2
557c67c76c13a84e8b483ee1a0dfdd807399d960909266e7c6a83ddfadca9c81
56c6349fa44368bc7ae0004dd8720a17facc23c4862b0bc9c63da022886130b2
5e2a2178f1f8133e9fc97a9aa062e8b010130d8d74469ab85dc639b582680039
5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6
60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f
6755508f95a14ac65d6d5123ce9db08f5b0fc2921dd713a6ae8d6369a0020da9
6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f
7fcc1c4585b953a2e081b58de27f1fc802056c2d99e9b9fe7afa57b128f1670c
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7
849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d
86685e191878d9ecfd30ed1fe63cbb783bf9151607e9996342d64977013e3cff
8e23efa39c7e171af16351e3aa1191eabed7d449dce72eb3a318ca9a0bc487be
9176ad8ed8c803462002a7ff6655599d653ab46e6e1ea226640ac6ee3e444689
93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2
9af7e7fb49c82eff0679f176c44bf623fa97b459ef259019652b010dcb79baeb
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
a6a10759097db886e581ff34a0b28693b7cbfa96a750b09cc9428fbfeedd890c
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
af626b854a946518a3a3c508ee9824e78ae985c5cda705c1d2a3fdaafe2254c0
b42c8ffcb966ef0201e5691ebbc67fc87a75a34e1b5dbf6652fc921f6ad6c0c1
b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6
b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d
be3a6250488e5307dc62720e5cdd689a5c20824cb9ec76259f2fbdcad86c4cb9
c1d374f707bf5793c0d53ac07a27196e00a7e7135b77f2d09374dea4a0e5e151
c608b36bc0943c2322757654e2b026aba96a6ba921aa931c728fd748fc6a7018
ca10079b550df42a492d554a8e9b81be8062043d1b90450c4f068d83a436c238
ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3
ca3d163bab055381827226140568f3bef7eaac187cebd76878e0b63e9e442356
cbf5816bdc700b18c3be9c798106262658ca8e966b5b82b22c94dda91da35d2e
d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08
d593a06165e70bcd91c1862c4bb14341e348b1d82192e67cd882ea3b8e64a3c5
d86abc5dfa7f11003c811cef84eb8d740b10a7f97f89e7dd29945a1455103c43
d9affb9be132f18ddba52f53549dabe8b4a644a4c1b2fe5d76bbd7750275da02
dc5db59957dd924a403e123301ac4fc24206c289c5cc36e4ef0570b828993afc
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e368d06d619da2ddbac62f83484f2b207601a2fd8ea86ee0ce8ab30855fe6fa6
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d
e91bd6d37a2d6c0a38558cfe458338d7f0437252d5d4e3ebfffa5d2ba8e5aaa2
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3042155b43d9eafd3553035c29c863f3ced375e30003da6ba9dd274dba9e3a7
f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d
f8f2538e22c79cb7dc4e0f946da89f14dde3c6fc8ed7e74ef32674f596e5e633
f9d2f93765355bf880f064950477035849e2bbf673e159d2074f5f3ec273a86c
fc35cd5bd029f3f240e8f60c9ae2fce029d982fb1571564f8e0cf88e8391aaf0

app.monarchmoney.com Open in urlscan Pro 2606:4700:10::6816:3d79 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

135 Requests

82 %HTTPS

31 %IPv6

29 Domains

38 Subdomains

36 IPs

5 Countries

3958 kBTransfer

15150 kBSize

16 Cookies

2 Outgoing links

Redirected requests

135 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

app.monarchmoney.com Open in urlscan Pro
2606:4700:10::6816:3d79 Public Scan

Screenshot
Live screenshot

Full Image

135
Requests

82 %
HTTPS

31 %
IPv6

29
Domains

38
Subdomains

36
IPs

5
Countries

3958 kB
Transfer

15150 kB
Size

16
Cookies

135 HTTP transactions
1 data transactions