takecharge.capitalone.com Open in urlscan Pro
63.149.40.130 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a
Submission: On July 27 via manual (July 27th 2023, 7:23:21 am UTC) from IN — Scanned from DE

Summary HTTP 38 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 2 IPs in 1 countries across 2 domains to perform 38 HTTP transactions. The main IP is 63.149.40.130, located in Murray, United States and belongs to FSA-AMH-AS01, US. The main domain is takecharge.capitalone.com.
TLS certificate: Issued by DigiCert SHA2 Extended Validation Ser... on March 10th 2023. Valid for: a year.

This is the only time takecharge.capitalone.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address		AS Autonomous System
37	63.149.40.130 63.149.40.130		21969 (FSA-AMH-AS01) (FSA-AMH-AS01)
38	2

37 63.149.40.130 (Murray, United States)

ASN21969 (FSA-AMH-AS01, US)

takecharge.capitalone.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
37	capitalone.com takecharge.capitalone.com	623 KB
0	azure.com Failed js.monitor.azure.com Failed
38	2

	Domain	Requested by
37	takecharge.capitalone.com	takecharge.capitalone.com
0	js.monitor.azure.com Failed	takecharge.capitalone.com
38	2

This site contains links to these domains. Also see Links.

Domain
www.capitalone.com
www.capitalonecareers.com
www.nyc.gov

Subject Issuer	Validity	Valid
takecharge.capitalone.com DigiCert SHA2 Extended Validation Server CA	`2023-03-10` - `2024-04-09`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a
Frame ID: 2B28C4EE03F34B5493442F36B7975217
Requests: 38 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

Capital One CapitalOne - Choose Offer

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Microsoft ASP.NET (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<input[^>]+name="__VIEWSTATE

Moment.js (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

moment(?:\.min)?\.js

SweetAlert (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

sweet(?:-)?alert(?:\.min)?\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery[.-]([\d.]*\d)[^/]*\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

jQuery UI (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

jquery-ui.*\.js

Page Statistics

38
Requests

97 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

623 kB
Transfer

1356 kB
Size

1
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://www.capitalone.com/contact/
Title: Contact Us

Search URL Search Domain Scan URL

URL: http://www.capitalonecareers.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.capitalone.com/identity-protection/privacy
Title: Privacy

Search URL Search Domain Scan URL

URL: https://www.capitalone.com/identity-protection/commitment/
Title: Security

Search URL Search Domain Scan URL

URL: http://www.capitalone.com/about/accessibility-commitment/
Title: Accessibility

Search URL Search Domain Scan URL

URL: https://www.nyc.gov/dca
Title: www.nyc.gov/dca.

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

38 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2 200 Primary Request SelectPlan Show response
takecharge.capitalone.com/ 54 KB
55 KB 851ms
421ms Document
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

7c763780e1b8e410bc230875bdfe2555de7bed804efe74e9c105ef4a8c951fb5

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

access-control-expose-headers: Request-Context
cache-control: private
content-length: 55205
content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-type: text/html; charset=utf-8
cross-origin-embedder-policy: require-corp
cross-origin-opener-policy: same-origin
cross-origin-resource-policy: cross-origin
date: Thu, 27 Jul 2023 07:23:08 GMT
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
referrer-policy: strict-origin
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
server
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-powered-by: ASP.NET
x-xss-protection: 1; mode=block

GET
H2 200 firstsource.css
takecharge.capitalone.com/Style/ 3 KB
1 KB 136ms
133ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/firstsource.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

93707463e31ee987089e0fd9e0aababac0979abdb7c9ffd295d816a775867132

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1099
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 ods-core.min.css
takecharge.capitalone.com/Style/ 94 KB
10 KB 140ms
136ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/ods-core.min.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

1c1d27ccdc3873e19a969ff6494d7c3142d2a0114faf2a8e505a4a8b16853f14

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 9897
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 17:09:34 GMT
server
cross-origin-opener-policy: same-origin
etag: "0dbc4a22cb0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 jquery-3.6.0.min.js Show response
takecharge.capitalone.com/Scripts/ 87 KB
30 KB 234ms
230ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/jquery-3.6.0.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 30982
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Wed, 20 Jul 2022 16:09:33 GMT
server
cross-origin-opener-policy: same-origin
etag: "809c6919539cd81:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 sweetalert.min.js Show response
takecharge.capitalone.com/Scripts/ 17 KB
5 KB 139ms
135ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/sweetalert.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

be4d1215ef6f2b2915b7f65cd28b9a9f7dcef17e1f0d883edd19400ca0ea795c

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 5417
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 sweetalert.css
takecharge.capitalone.com/Scripts/ 27 KB
4 KB 273ms
270ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/sweetalert.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

3fb5610cc02303f26c8a3f2c1e8158fa8b479043bc8f15868894258e0e1f1ee9

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 3998
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Custom.js Show response
takecharge.capitalone.com/Scripts/ 39 KB
6 KB 266ms
263ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/Custom.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

1d2995b5bb70e5bb17e45b593fccf98ad388c389011a668b5ba789296fccfb07

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 6229
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Fri, 07 Jul 2023 13:18:59 GMT
server
cross-origin-opener-policy: same-origin
etag: "8023e196d5b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 jquery-ui.min.js Show response
takecharge.capitalone.com/Scripts/ 248 KB
66 KB 275ms
272ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/jquery-ui.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

cc6f3e15f2435d6667fee06140e7fdd86275618e6878a4a1004754f5461d76e2

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 67837
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 jquery-ui.min.css
takecharge.capitalone.com/Scripts/ 40 KB
8 KB 137ms
133ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/jquery-ui.min.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

141b9c42f06f12c756e55fccf021a0d9ead8f3a1f4210f7737248330cd2002a0

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 8332
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 moment.js Show response
takecharge.capitalone.com/Utilities/moment/ 171 KB
36 KB 267ms
264ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Utilities/moment/moment.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

c33f09a4e1230f3075be8d2a94081108d52f62d3c30b9a238941fe80790267c6

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 36566
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:58 GMT
server
cross-origin-opener-policy: same-origin
etag: "0c38d9e16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 bootstrap-datetimepicker.css
takecharge.capitalone.com/Utilities/ 9 KB
1 KB 137ms
134ms Stylesheet
text/css 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Utilities/bootstrap-datetimepicker.css

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

6f964a0a2e79217fb6e09aa7eb7f1c3ffab735bda7971f8c1ffbcc32aac877a9

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1390
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:56 GMT
server
cross-origin-opener-policy: same-origin
etag: "0965c9d16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: text/css
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 bootstrap-datetimepicker.min.js Show response
takecharge.capitalone.com/Utilities/ 38 KB
9 KB 397ms
394ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Utilities/bootstrap-datetimepicker.min.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

e5899ac40c0c8c8a4cad594af3863ff8d8c2a4a9c561af1b59605b50748119f5

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 9514
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:56 GMT
server
cross-origin-opener-policy: same-origin
etag: "0965c9d16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 WebResource.axd Show response
takecharge.capitalone.com/ 23 KB
23 KB 401ms
398ms Script
application/x-javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/WebResource.axd?d=pynGkmcFUV13He1Qd6_TZB8mud_P4yxhN2lrfw06PKIhi2LzDQBuwOV9R4QF6VRGr-Pcr7bN9KxA2s15YMkCWA2&t=636531754929936355

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 23063
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
referrer-policy: strict-origin
last-modified: Fri, 02 Feb 2018 18:38:12 GMT
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/x-javascript
access-control-expose-headers: Request-Context
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
expires: Thu, 25 Jul 2024 09:10:02 GMT

GET
H2 200 MicrosoftAjax.js Show response
takecharge.capitalone.com/Scripts/WebForms/MsAjax/ 97 KB
24 KB 399ms
397ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/WebForms/MsAjax/MicrosoftAjax.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

8fd8aee0188475201e3a6d14a25422587f2d82bb6cbf4ed525029c62bc58a9d3

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 24363
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 MicrosoftAjaxWebForms.js Show response
takecharge.capitalone.com/Scripts/WebForms/MsAjax/ 39 KB
9 KB 400ms
398ms Script
application/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Scripts/WebForms/MsAjax/MicrosoftAjaxWebForms.js

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

33c989079aa502f14e3103d98d176417dd63cb1878420cb7be25fb441d5f9fb3

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 9621
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
vary: Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 ScriptResource.axd Show response
takecharge.capitalone.com/ 27 KB
6 KB 402ms
400ms Script
text/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/ScriptResource.axd?d=LkSbRRtTbnpvh0g927IxkE_DkzZao3lxlShZT_p02oZV8k2kcToEikOotqqmUVv2DhFKp8EqDrYxGOQeZagdzwiNoHRAVpe4BhzyO-xDiDQ7wOzx8mlNNzw7v9YmE16t8FWIVd0PI6A_W8BgMmfCmQ2&t=ffffffffc7a6ddb0

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

286af07a91c36c3adfb158d758ca9f89c310f97e04b525b833e63a06410d1097

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 5790
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
referrer-policy: strict-origin
last-modified: Wed, 26 Jul 2023 09:08:28 GMT
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/javascript
access-control-expose-headers: Request-Context
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
expires: Thu, 25 Jul 2024 09:08:28 GMT

GET
H2 200 ScriptResource.axd Show response
takecharge.capitalone.com/ 17 KB
4 KB 403ms
401ms Script
text/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/ScriptResource.axd?d=8CjII1v0OLoMNKf5zGXmeskT2RIGMjZVhgDjaD15PMsq2FcbWkV5vgm0TJ9MYeVqeit9GWRNBge_xFPdbNDVFcfYEkeuNXuCBZz9yIpL0FeCHs0o759r2-55i63iTqjLC_1F5SdeN5W4u3827MnxjtprBy2KLIhZj4xlZR1T6Ls1&t=ffffffffc7a6ddb0

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

fa85c1320fc62e8a8f79eb3d62e1b39030223abe3c154f973293a5d7eb525317

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 4133
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
referrer-policy: strict-origin
last-modified: Wed, 26 Jul 2023 09:08:28 GMT
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/javascript
access-control-expose-headers: Request-Context
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
expires: Thu, 25 Jul 2024 09:08:28 GMT

GET
H2 200 ScriptResource.axd Show response
takecharge.capitalone.com/ 8 KB
3 KB 408ms
406ms Script
text/javascript 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/ScriptResource.axd?d=qiCbui8_q4m0BAPh1b3lI_4w_nFI6w6hqFiaYnGVIwP1Hr3IT0Vm29KyLKfvZmavshfCU6TKuT_BbRv4qPDUqv5UXdwo1ruqOZuuERyyKqpo0QW1Ecu95kUc6qzmJnSlztCVUHueTewScI7KxzPI4ISQpR3UBA_dMPO3eittq4AansftKW-zZYdMQFkO9XhR0&t=ffffffffc7a6ddb0

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

cdd0cda00b376de2a03a3c7cb145a1f66f97937669d4b2306c635e953d6f79f4

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1784
x-xss-protection: 1; mode=block
request-context: appId=cid-v1:ee4ac2c8-5837-4f6e-a0df-7a957d6b8cc4
referrer-policy: strict-origin
last-modified: Wed, 26 Jul 2023 09:10:02 GMT
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/javascript
access-control-expose-headers: Request-Context
cache-control: public
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
expires: Thu, 25 Jul 2024 09:10:02 GMT

GET
H2 200 capital-one-logo.png
takecharge.capitalone.com/Images/ 11 KB
11 KB 143ms
137ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Images/capital-one-logo.png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

53875b1bf6c3140aeb0a712e49d144836f923eb08bc22b97bd52468bc8e35693

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 11278
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:52 GMT
server
cross-origin-opener-policy: same-origin
etag: "03cfa9a16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Home@5x[1].png
takecharge.capitalone.com/Style/icons/ 915 B
966 B 145ms
140ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Style/icons/Home@5x[1].png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

215d66dbd6858bc653005ec6ba1a97adfc5141107ae63f6e38b2573e1cac5dd4

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 915
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 User@5x[1].png
takecharge.capitalone.com/Style/icons/ 1 KB
2 KB 143ms
138ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Style/icons/User@5x[1].png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

8eeca2954681d2e13f0ab9c5d2820b1e7635526d0529cc99e1cf069bc0b48e11

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1521
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 C1_FeatureIcon_RGB_OnlineBillPay@2x.png
takecharge.capitalone.com/Style/icons/ 8 KB
8 KB 136ms
131ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Style/icons/C1_FeatureIcon_RGB_OnlineBillPay@2x.png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

e17c451794dbfeacbd58a52a4d25aef070c56d2860529db5b7eb65728c2dceca

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 8450
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 C1_FeatureIcon_RGB_Credit@2x.png
takecharge.capitalone.com/Style/icons/ 8 KB
8 KB 138ms
134ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Style/icons/C1_FeatureIcon_RGB_Credit@2x.png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

b3fdeee42f784617efde13c306447745d68e27350fa110456722d94f82b5d948

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 7709
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 C1_FeatureIcon_RGB_Clock@2x.png
takecharge.capitalone.com/Style/icons/ 12 KB
12 KB 140ms
135ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Style/icons/C1_FeatureIcon_RGB_Clock@2x.png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

12b4188e5bcada067ec5272f6a74b27fb07a14649bc24c1bc3de8d3def7e13c1

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 12708
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 C1_FeatureIcon_RGB_Conversation@2x.png
takecharge.capitalone.com/Style/icons/ 8 KB
9 KB 137ms
133ms Image
image/png 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://takecharge.capitalone.com/Style/icons/C1_FeatureIcon_RGB_Conversation@2x.png

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

7e13416a4dfd746f943c308e75893b34029e57b2e268ed525b0ee790a5ccb8d2

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://takecharge.capitalone.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 8660
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: image/png
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET ai.2.min.js
js.monitor.azure.com/scripts/b/ 0
0

GET
H2 404 Optimist_W_XLt.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 137ms
135ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_XLt.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Rg.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 139ms
137ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Lt.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 141ms
139ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_SBd.woff2
takecharge.capitalone.com/Style/fonts/ 0
0 142ms
141ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff2

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_XLt.woff
takecharge.capitalone.com/Style/fonts/ 0
0 136ms
134ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_XLt.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Rg.woff
takecharge.capitalone.com/Style/fonts/ 0
0 135ms
133ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_Lt.woff
takecharge.capitalone.com/Style/fonts/ 0
0 137ms
135ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 404 Optimist_W_SBd.woff
takecharge.capitalone.com/Style/fonts/ 0
0 137ms
136ms Font
text/html 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

Microsoft-IIS/10.0 / ASP.NET

Resource Hash

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:08 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 1245
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
server: Microsoft-IIS/10.0
cross-origin-opener-policy: same-origin
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: text/html
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()

GET
H2 200 Optimist_W_Rg.ttf
takecharge.capitalone.com/Style/fonts/ 68 KB
68 KB 136ms
133ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

2e850b88a328009725d365d5db5683fdc1acfa23ca91270d8ee147b8d2886d87

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:09 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 69540
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Optimist_W_XLt.ttf
takecharge.capitalone.com/Style/fonts/ 67 KB
67 KB 138ms
135ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_XLt.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

f564133f844efdd1bd41446fa72962b9e1b0c275ef44f515708cea6d8da64261

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:09 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 68928
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Optimist_W_Lt.ttf
takecharge.capitalone.com/Style/fonts/ 68 KB
68 KB 140ms
137ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

0ecad1a8a4ae4d7a53af0cbc7d24636558f0638bc3ec3704763b0f7fd19fcee0

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:09 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 69156
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

GET
H2 200 Optimist_W_SBd.ttf
takecharge.capitalone.com/Style/fonts/ 68 KB
68 KB 137ms
137ms Font
application/octet-stream 63.149.40.130
FSA-AMH-AS01

General

Check archive.org

Show headers Download Go to

Full URL

https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.ttf

Requested by

Host: takecharge.capitalone.com
URL: https://takecharge.capitalone.com/Style/ods-core.min.css

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

63.149.40.130 Murray, United States, ASN21969 (FSA-AMH-AS01, US),

Reverse DNS

Software

/ ASP.NET

Resource Hash

563c31f8f3575c4d9ed82416932f2ee5c1fadee57529d37850748e2dfc171c1e

Security Headers

Name	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://takecharge.capitalone.com/
Origin: https://takecharge.capitalone.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/115.0.5790.110 Safari/537.36

Response headers

content-security-policy: default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
strict-transport-security: max-age=31536000
x-content-type-options: nosniff
date: Thu, 27 Jul 2023 07:23:09 GMT
cross-origin-embedder-policy: require-corp
x-powered-by: ASP.NET
cross-origin-resource-policy: cross-origin
content-length: 69564
x-xss-protection: 1; mode=block
referrer-policy: strict-origin
last-modified: Thu, 06 Jul 2023 14:31:54 GMT
server
cross-origin-opener-policy: same-origin
etag: "0692b9c16b0d91:0"
expect-ct: Web.RequiresHttps.ExpectCtHeader, Web.RequiresHttps
x-frame-options: SAMEORIGIN
content-type: application/octet-stream
permissions-policy: accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()
accept-ranges: bytes

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: js.monitor.azure.com
URL: https://js.monitor.azure.com/scripts/b/ai.2.min.js

Verdicts & Comments Add Verdict or Comment

106 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

1 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

			Domain/Path	Expires	Name / Value
			takecharge.capitalone.com/	1969-12-31 23:59:59	Name: __AntiXsrfToken Value: 5a09b324bf8b4db2b0e06e7904292e7b

11 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a(Line 12) Message: Refused to load the script 'https://js.monitor.azure.com/scripts/b/ai.2.min.js' because it violates the following Content Security Policy directive: "script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval'". Note that 'script-src-elem' was not explicitly set, so 'script-src' is used as a fallback.
security	error	URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a(Line 12) Message: Refused to connect to 'https://dc.services.visualstudio.com/v2/track' because it violates the following Content Security Policy directive: "default-src 'unsafe-inline' 'self'". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.
javascript	error	URL: https://takecharge.capitalone.com/SelectPlan?g=99137AC0-C022-453E-BC87-F36B0B6B4491&t=eceaee63-35fc-4194-9f71-d54d6ebc465a(Line 12) Message: Refused to connect to 'https://dc.services.visualstudio.com/v2/track' because it violates the document's Content Security Policy.
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_XLt.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff2 Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Rg.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_XLt.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_Lt.woff Message: Failed to load resource: the server responded with a status of 404 ()
network	error	URL: https://takecharge.capitalone.com/Style/fonts/Optimist_W_SBd.woff Message: Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'unsafe-inline' 'self'; script-src 'self' 'nonce-WpvQQK0FO/ZAljsQDGMLEgi2hrvIBVPQNak9zIWqRZE=' 'sha256-xuFNyG4dx1UjKAfb59PkKDR48xVbI79G8dAIGZsa2FI=' 'unsafe-eval' ; style-src 'unsafe-inline' 'self' https://fonts.googleapis.com; style-src-elem 'unsafe-inline' 'self' https://fonts.googleapis.com; font-src 'self' data: ;object-src 'none';base-uri 'self'
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

js.monitor.azure.com
takecharge.capitalone.com
js.monitor.azure.com
63.149.40.130
0ecad1a8a4ae4d7a53af0cbc7d24636558f0638bc3ec3704763b0f7fd19fcee0
12b4188e5bcada067ec5272f6a74b27fb07a14649bc24c1bc3de8d3def7e13c1
141b9c42f06f12c756e55fccf021a0d9ead8f3a1f4210f7737248330cd2002a0
1c1d27ccdc3873e19a969ff6494d7c3142d2a0114faf2a8e505a4a8b16853f14
1d2995b5bb70e5bb17e45b593fccf98ad388c389011a668b5ba789296fccfb07
215d66dbd6858bc653005ec6ba1a97adfc5141107ae63f6e38b2573e1cac5dd4
286af07a91c36c3adfb158d758ca9f89c310f97e04b525b833e63a06410d1097
2e850b88a328009725d365d5db5683fdc1acfa23ca91270d8ee147b8d2886d87
33c989079aa502f14e3103d98d176417dd63cb1878420cb7be25fb441d5f9fb3
3fb5610cc02303f26c8a3f2c1e8158fa8b479043bc8f15868894258e0e1f1ee9
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
53875b1bf6c3140aeb0a712e49d144836f923eb08bc22b97bd52468bc8e35693
563c31f8f3575c4d9ed82416932f2ee5c1fadee57529d37850748e2dfc171c1e
6f964a0a2e79217fb6e09aa7eb7f1c3ffab735bda7971f8c1ffbcc32aac877a9
7c763780e1b8e410bc230875bdfe2555de7bed804efe74e9c105ef4a8c951fb5
7e13416a4dfd746f943c308e75893b34029e57b2e268ed525b0ee790a5ccb8d2
8eeca2954681d2e13f0ab9c5d2820b1e7635526d0529cc99e1cf069bc0b48e11
8fd8aee0188475201e3a6d14a25422587f2d82bb6cbf4ed525029c62bc58a9d3
93707463e31ee987089e0fd9e0aababac0979abdb7c9ffd295d816a775867132
b3fdeee42f784617efde13c306447745d68e27350fa110456722d94f82b5d948
be4d1215ef6f2b2915b7f65cd28b9a9f7dcef17e1f0d883edd19400ca0ea795c
c33f09a4e1230f3075be8d2a94081108d52f62d3c30b9a238941fe80790267c6
cc6f3e15f2435d6667fee06140e7fdd86275618e6878a4a1004754f5461d76e2
cdd0cda00b376de2a03a3c7cb145a1f66f97937669d4b2306c635e953d6f79f4
e17c451794dbfeacbd58a52a4d25aef070c56d2860529db5b7eb65728c2dceca
e5899ac40c0c8c8a4cad594af3863ff8d8c2a4a9c561af1b59605b50748119f5
ee11e902416a1d896f538103110337b39a0e2e2606bc1faf5cd0652914891127
f564133f844efdd1bd41446fa72962b9e1b0c275ef44f515708cea6d8da64261
fa85c1320fc62e8a8f79eb3d62e1b39030223abe3c154f973293a5d7eb525317

takecharge.capitalone.com Open in urlscan Pro 63.149.40.130 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

38 Requests

97 %HTTPS

0 %IPv6

2 Domains

2 Subdomains

2 IPs

1 Countries

623 kBTransfer

1356 kBSize

1 Cookies

6 Outgoing links

Redirected requests

38 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

takecharge.capitalone.com Open in urlscan Pro
63.149.40.130 Public Scan

Screenshot
Live screenshot

Full Image

38
Requests

97 %
HTTPS

0 %
IPv6

2
Domains

2
Subdomains

2
IPs

1
Countries

623 kB
Transfer

1356 kB
Size

1
Cookies

38 HTTP transactions
0 data transactions