www.simonmarkets.com Open in urlscan Pro
23.36.162.83 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://simonmarkets.com/
Effective URL:
https://www.simonmarkets.com/simon/
Submission: On December 08 via manual (December 8th 2022, 11:17:23 pm UTC) from US — Scanned from DE

Summary HTTP 23 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 4 IPs in 2 countries across 2 domains to perform 23 HTTP transactions. The main IP is 23.36.162.83, located in Frankfurt am Main, Germany and belongs to AKAMAI-ASN1, NL. The main domain is www.simonmarkets.com. The Cisco Umbrella rank of the primary domain is 527942.
TLS certificate: Issued by DigiCert TLS RSA SHA256 2020 CA1 on January 19th 2022. Valid for: a year.

This is the only time www.simonmarkets.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
1 1	52.216.160.146 52.216.160.146	16509 (AMAZON-02) (AMAZON-02)
1 17	23.36.162.83 23.36.162.83	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
3	35.188.42.15 35.188.42.15	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
3	99.83.241.219 99.83.241.219	16509 (AMAZON-02) (AMAZON-02)
23	4

1 52.216.160.146 (Ashburn, United States) 1 redirects

ASN16509 (AMAZON-02, US)
PTR: s3-website-us-east-1.amazonaws.com

simonmarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

17 23.36.162.83 (Frankfurt am Main, Germany) 1 redirects

ASN20940 (AKAMAI-ASN1, NL)
PTR: a23-36-162-83.deploy.static.akamaitechnologies.com

www.simonmarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
cdn.mxpnl.simonmarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 35.188.42.15 (Council Bluffs, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 15.42.188.35.bc.googleusercontent.com

sentry.io	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 99.83.241.219 (United States)

ASN16509 (AMAZON-02, US)
PTR: aa4314b2f84572f89.awsglobalaccelerator.com

auth.simonmarkets.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
21	simonmarkets.com 2 redirects simonmarkets.com — Cisco Umbrella Rank: 469289 www.simonmarkets.com — Cisco Umbrella Rank: 527942 cdn.mxpnl.simonmarkets.com — Cisco Umbrella Rank: 946506 auth.simonmarkets.com — Cisco Umbrella Rank: 953188 Failed	1 MB
3	sentry.io sentry.io — Cisco Umbrella Rank: 285	1 KB
23	2

	Domain	Requested by
16	www.simonmarkets.com	1 redirects www.simonmarkets.com
3	auth.simonmarkets.com	www.simonmarkets.com
3	sentry.io	www.simonmarkets.com
1	cdn.mxpnl.simonmarkets.com	www.simonmarkets.com
1	simonmarkets.com	1 redirects
23	5

This site contains links to these domains. Also see Links.

Domain
simon.io
brokercheck.finra.org
www.finra.org
www.sipc.org

Subject Issuer	Validity	Valid
simonmarkets.com DigiCert TLS RSA SHA256 2020 CA1	`2022-01-19` - `2023-02-19`	a year	crt.sh
sentry.io DigiCert TLS RSA SHA256 2020 CA1	`2022-06-03` - `2023-07-04`	a year	crt.sh
auth.prod.simonmarkets.com GeoTrust RSA CA 2018	`2021-12-21` - `2023-01-03`	a year	crt.sh

This page contains 2 frames:

Primary Page: https://www.simonmarkets.com/simon/
Frame ID: A2429F250F26E8E7EB97EE90F45980C9
Requests: 22 HTTP requests in this frame

Frame: https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/authorize?client_id=0oadjggdmyOlW19D12p7&code_challenge=GodXJjOfTh381NYVauYs9NI22FV3Ptu3fadttgclBnw&code_challenge_method=S256&nonce=NfNuR4eDKAbe5hcuJ45cgRWGOGWHFPrZ4lwarNuACZBLOJydGPrGqg2XpsoZzy6N&prompt=none&redirect_uri=https%3A%2F%2Fwww.simonmarkets.com%2Fsimon%2F&response_mode=okta_post_message&response_type=code&state=pxWQ3dWPI2HlUDGr6L0DXSpzfPuI9ujgqdKZqn3MkKjFvzjvABPe4ESQgLBEP0TL&scope=openid%20profile%20email
Frame ID: 9CC5984FFD3C51ADDB697A634A5FD84F
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

SIMON

Page URL History Show full URLs

http://simonmarkets.com/ HTTP 301
https://www.simonmarkets.com/ HTTP 302
https://www.simonmarkets.com/simon/ Page URL

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Akamai Bot Manager (Security) Expand

Overall confidence: 100%
Detected patterns

Page Statistics

23
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

4
IPs

2
Countries

1083 kB
Transfer

3500 kB
Size

5
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://simon.io/privacy-policy
Title: Privacy Policy

Search URL Search Domain Scan URL

URL: https://simon.io/terms-and-conditions
Title: Terms of use

Search URL Search Domain Scan URL

URL: https://simon.io/business-continuity-planning
Title: BCP Disclosure

Search URL Search Domain Scan URL

URL: https://brokercheck.finra.org/
Title: FINRA's BrokerCheck

Search URL Search Domain Scan URL

URL: https://www.finra.org/
Title: FINRA

Search URL Search Domain Scan URL

URL: https://www.sipc.org/
Title: SIPC

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://simonmarkets.com/ HTTP 301
https://www.simonmarkets.com/ HTTP 302
https://www.simonmarkets.com/simon/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 10

https://www.simonmarkets.com/simon/auth/logout HTTP 302
https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.simonmarkets.com%2Fsimon%2F

23 HTTP transactions
1 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H2

200

Primary Request / Show response
www.simonmarkets.com/simon/
Redirect Chain

http://simonmarkets.com/
https://www.simonmarkets.com/
https://www.simonmarkets.com/simon/

3 KB
5 KB

429ms
429ms

Document
text/html

23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

2e05561dd579379a621351165e9d8de70870c31680c802e78d88a30b373fcb7b

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

accept-ranges: bytes
cache-control: no-store, no-cache, must-revalidate
content-encoding: gzip
content-length: 1393
content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
content-type: text/html; charset=UTF-8
date: Thu, 08 Dec 2022 23:17:18 GMT
etag: "63921d28-b40"
last-modified: Thu, 08 Dec 2022 17:21:44 GMT
server: nginx/1.22.1
strict-transport-security: max-age=31536000; includeSubDomains
vary: Accept-Encoding
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
x-kong-proxy-latency: 1
x-kong-upstream-latency: 2
x-simon-external: True
x-trace-id: 359d751f-3d8e-40a3-bd1a-889000cb00c0
x-xss-protection: 1; mode=block

Redirect headers

content-length: 0
date: Thu, 08 Dec 2022 23:17:17 GMT
location: https://www.simonmarkets.com/simon/
server: AkamaiGHost
x-simon-external: True

GET
H2 200 main.acaba41c.js Show response
www.simonmarkets.com/simon/static/js/ 51 KB
15 KB 245ms
245ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

ae0f0ff2370cb2e1e1d0db94f2ae7df5553a7815b8a0db512aa657e4246a361e

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 4
x-simon-external: True
content-length: 12341
x-xss-protection: 1; mode=block
x-trace-id: 889ffb58-3235-4020-984d-84d88d99881c
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-ca88"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 mixpanel-2-latest.min.js Show response
cdn.mxpnl.simonmarkets.com/libs/ 50 KB
18 KB 305ms
196ms Script
text/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.mxpnl.simonmarkets.com/libs/mixpanel-2-latest.min.js
Requested by: Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS: a23-36-162-83.deploy.static.akamaitechnologies.com
Software: UploadServer /
Resource Hash: da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-guploader-uploadid: ADPycdth8Y6U2sYW8cf0NoLnFW_BBzlWnWkoOg4vfghzlj-Ok60nqw2gstrC32NGeWOwRk3lHGExrBKQnhzpSwDgR0J8Vw
x-goog-storage-class: MULTI_REGIONAL
x-goog-metageneration: 2
x-goog-stored-content-encoding: gzip
content-length: 17435
pragma: no-cache
last-modified: Thu, 17 Feb 2022 20:21:50 GMT
server: UploadServer
etag: "caa762087e9d75cecc34b5d6626cb7b9"
vary: Accept-Encoding
x-goog-generation: 1645129310876382
x-goog-hash: crc32c=PPVzJA==, md5=yqdiCH6ddc7MNLXWYmy3uQ==
access-control-allow-origin: *
access-control-expose-headers: Content-Length, Content-Type, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
cache-control: max-age=0, no-cache, no-store
x-goog-stored-content-length: 17435
accept-ranges: bytes
content-type: text/javascript
expires: Thu, 08 Dec 2022 23:17:18 GMT

GET
H2 200 vendors-node_modules_sentry_browser_esm_sdk_js-node_modules_query-string_index_js-node_module-7cf4db.241faf50.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 2 MB
627 KB 362ms
361ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/vendors-node_modules_sentry_browser_esm_sdk_js-node_modules_query-string_index_js-node_module-7cf4db.241faf50.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

8fa527c4f625afdec38b198b0cc23c875cc9b30e34ec063f8a4b15cd7881023c

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 1
x-simon-external: True
x-xss-protection: 1; mode=block
x-trace-id: 48ae4c8c-2b66-440a-8a9f-3ef57ffc5dab
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-1f08c5"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 vendors-node_modules_react-dom_index_js.8bd3ba51.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 127 KB
45 KB 501ms
501ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/vendors-node_modules_react-dom_index_js.8bd3ba51.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

d1e4c1dabd701faeb8d5877d0a206c744f66104378d9ec74d87c44ca0d018c09

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 2
x-simon-external: True
x-xss-protection: 1; mode=block
x-trace-id: cc0d6565-f93e-4554-9abf-0d2ce6d8ca7c
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-1fd93"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 core_auth_CatchOriginalRoute_js-core_auth_useRestoreOriginalUrl_js-core_components_IFrameResi-b6f347.d44e176a.chunk.css
www.simonmarkets.com/simon/static/css/ 418 KB
53 KB 822ms
822ms Stylesheet
text/css 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/css/core_auth_CatchOriginalRoute_js-core_auth_useRestoreOriginalUrl_js-core_components_IFrameResi-b6f347.d44e176a.chunk.css

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

ef367055d74ebdcdd6bd715e6769a75b84092ce8d0205bb4c612d805b3ae0081

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:19 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 2
x-simon-external: True
x-xss-protection: 1; mode=block
x-trace-id: 1b0d95ce-703c-4ee2-b081-21bff9978a04
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-689aa"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 core_auth_CatchOriginalRoute_js-core_auth_useRestoreOriginalUrl_js-core_components_IFrameResi-b6f347.9c7d5379.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 52 KB
22 KB 176ms
176ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/core_auth_CatchOriginalRoute_js-core_auth_useRestoreOriginalUrl_js-core_components_IFrameResi-b6f347.9c7d5379.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

398c6ce8bd1ced484cd655adbcb838fa585b28b498c7823acc676c10af7ce811

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-kong-proxy-latency: 1
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 3
x-simon-external: True
content-length: 19352
x-xss-protection: 1; mode=block
x-trace-id: 69eb310d-bfa3-4e06-84d5-80d6c113d09a
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-cf3c"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 src_bootstrap_js.75974dde.chunk.css
www.simonmarkets.com/simon/static/css/ 1 KB
4 KB 337ms
336ms Stylesheet
text/css 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/css/src_bootstrap_js.75974dde.chunk.css

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

61abc92c3e7a3930d7ab8da0507c62064a348ca902c78cc2c870564224b2ef44

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-kong-proxy-latency: 1
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 1
x-simon-external: True
content-length: 706
x-xss-protection: 1; mode=block
x-trace-id: 2b56512a-2b4e-4c0a-b15f-528227ab335c
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-5d5"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 src_bootstrap_js.b96c5b95.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 21 KB
12 KB 331ms
330ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/src_bootstrap_js.b96c5b95.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

28eb6b4236a2b1ef7d570deeae02039629020889eb90b7671c8db761f28912be

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:18 GMT
content-encoding: gzip
x-kong-proxy-latency: 1
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 1
x-simon-external: True
content-length: 8835
x-xss-protection: 1; mode=block
x-trace-id: 5dc031f0-f61d-45c2-a83c-a93d45297acc
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-5274"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

POST
H/1.1 200
OK / Show response
sentry.io/api/1475595/envelope/ 2 B
410 B 527ms
130ms Fetch
application/json 35.188.42.15
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1475595/envelope/?sentry_key=730ba1a47ca448f3aa5aabf9e1c6cfa8&sentry_version=7

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/vendors-node_modules_sentry_browser_esm_sdk_js-node_modules_query-string_index_js-node_module-7cf4db.241faf50.chunk.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.simonmarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 08 Dec 2022 23:17:19 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: nginx
vary: Origin
Content-Type: application/json
access-control-allow-origin: https://www.simonmarkets.com
access-control-expose-headers: x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 2

GET
H2 200 Roboto-Regular.176f8f5bd5f02b3abfcf.woff2
www.simonmarkets.com/simon/static/media/ 15 KB
19 KB 119ms
118ms Font
font/woff2 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/media/Roboto-Regular.176f8f5bd5f02b3abfcf.woff2

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/css/core_auth_CatchOriginalRoute_js-core_auth_useRestoreOriginalUrl_js-core_components_IFrameResi-b6f347.d44e176a.chunk.css

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

Referer: https://www.simonmarkets.com/simon/static/css/core_auth_CatchOriginalRoute_js-core_auth_useRestoreOriginalUrl_js-core_components_IFrameResi-b6f347.d44e176a.chunk.css
Origin: https://www.simonmarkets.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:19 GMT
x-kong-proxy-latency: 1
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 4
x-simon-external: True
content-length: 15736
x-xss-protection: 1; mode=block
x-trace-id: ecf5b8e7-3c4f-4995-acc9-17fde76f8440
last-modified: Thu, 08 Dec 2022 17:21:43 GMT
server: nginx/1.22.1
etag: "63921d27-3d78"
x-frame-options: SAMEORIGIN
content-type: font/woff2
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET

logout
auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/
Redirect Chain

https://www.simonmarkets.com/simon/auth/logout
https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.simonmarkets.com%2Fsimon%2F

0
0

GET
H/1.1 200
OK openid-configuration Show response
auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/.well-known/ 2 KB
3 KB 143ms
142ms Fetch
application/json 99.83.241.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/.well-known/openid-configuration

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.241.219 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

aa4314b2f84572f89.awsglobalaccelerator.com

Software

nginx /

Resource Hash

f74b50b1e34cd9c6f74d4f582087e836b4d3340dda5e74a2330365778c92abfc

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Accept: application/json
Referer: https://www.simonmarkets.com/
X-Okta-User-Agent-Extended: okta-auth-js/6.1.0
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: application/json

Response headers

X-Okta-Request-Id: Y5JwfwhI4CJ620pA_s-ahgAACnM
Date: Thu, 08 Dec 2022 23:17:19 GMT
Strict-Transport-Security: max-age=315360000; includeSubDomains
x-content-type-options: nosniff
content-security-policy-report-only: frame-ancestors 'self'
Transfer-Encoding: chunked
p3p: CP="HONK"
Connection: Keep-Alive
x-xss-protection: 0
Server: nginx
expect-ct: report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0
vary: Origin
Content-Type: application/json
Access-Control-Allow-Origin: https://www.simonmarkets.com
cache-control: max-age=86400, must-revalidate
Access-Control-Allow-Credentials: true
Keep-Alive: timeout=5, max=99
expires: Fri, 09 Dec 2022 23:17:19 GMT

OPTIONS
H/1.1 200
OK openid-configuration
auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/.well-known/ Frame 0
0 516ms
148ms Preflight
application/octet-stream 99.83.241.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/.well-known/openid-configuration

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.241.219 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

aa4314b2f84572f89.awsglobalaccelerator.com

Software

nginx /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains

Request headers

Accept: */*
Access-Control-Request-Headers: content-type,x-okta-user-agent-extended
Access-Control-Request-Method: GET
Origin: https://www.simonmarkets.com
Sec-Fetch-Mode: cors
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Access-Control-Allow-Credentials: true
Access-Control-Allow-Headers: content-type,x-okta-user-agent-extended
Access-Control-Allow-Methods: GET, OPTIONS
Access-Control-Allow-Origin: https://www.simonmarkets.com
Access-Control-Max-Age: 3600
Connection: Keep-Alive
Content-Length: 0
Content-Type: application/octet-stream
Date: Thu, 08 Dec 2022 23:17:19 GMT
Keep-Alive: timeout=5, max=100
Server: nginx
Strict-Transport-Security: max-age=315360000; includeSubDomains
Vary: Origin
X-Okta-Request-Id: Y5JwfwhI4CJ620pA_s-ahQAACnM

GET
H/1.1 200
OK authorize Show response
auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/ Frame 9CC5 2 KB
2 KB 375ms
160ms Document
text/html 99.83.241.219
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL

https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/authorize?client_id=0oadjggdmyOlW19D12p7&code_challenge=GodXJjOfTh381NYVauYs9NI22FV3Ptu3fadttgclBnw&code_challenge_method=S256&nonce=NfNuR4eDKAbe5hcuJ45cgRWGOGWHFPrZ4lwarNuACZBLOJydGPrGqg2XpsoZzy6N&prompt=none&redirect_uri=https%3A%2F%2Fwww.simonmarkets.com%2Fsimon%2F&response_mode=okta_post_message&response_type=code&state=pxWQ3dWPI2HlUDGr6L0DXSpzfPuI9ujgqdKZqn3MkKjFvzjvABPe4ESQgLBEP0TL&scope=openid%20profile%20email

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

99.83.241.219 , United States, ASN16509 (AMAZON-02, US),

Reverse DNS

aa4314b2f84572f89.awsglobalaccelerator.com

Software

nginx /

Resource Hash

ede3be09e48f26cded7aacbd3e1b5ec17282084a290259b487dcbff34d14981c

Security Headers

Name	Value
Strict-Transport-Security	max-age=315360000; includeSubDomains
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.simonmarkets.com/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
accept-language: de-DE,de;q=0.9

Response headers

Connection: Keep-Alive
Content-Encoding: gzip
Content-Type: text/html;charset=utf-8
Date: Thu, 08 Dec 2022 23:17:20 GMT
Keep-Alive: timeout=5, max=100
Server: nginx
Strict-Transport-Security: max-age=315360000; includeSubDomains
Transfer-Encoding: chunked
Vary: Accept-Encoding
X-Robots-Tag: noindex,nofollow
cache-control: no-cache, no-store
content-language: de
expect-ct: report-uri="https://oktaexpectct.report-uri.com/r/t/ct/reportOnly", max-age=0
expires: 0
p3p: CP="HONK"
pragma: no-cache
referrer-policy: no-referrer
x-content-type-options: nosniff
x-okta-request-id: Y5JwgOt7K9bWRHIvn7PBqAAAAW0
x-rate-limit-limit: 60
x-rate-limit-remaining: 59
x-rate-limit-reset: 1670541500
x-xss-protection: 0

POST
H/1.1 200
OK / Show response
sentry.io/api/1475595/envelope/ 2 B
410 B 130ms
130ms Fetch
application/json 35.188.42.15
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1475595/envelope/?sentry_key=730ba1a47ca448f3aa5aabf9e1c6cfa8&sentry_version=7

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.simonmarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 08 Dec 2022 23:17:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: nginx
vary: Origin
Content-Type: application/json
access-control-allow-origin: https://www.simonmarkets.com
access-control-expose-headers: x-sentry-error, retry-after, x-sentry-rate-limits
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 2

POST
H/1.1 200
OK / Show response
sentry.io/api/1475595/envelope/ 2 B
410 B 265ms
130ms Fetch
application/json 35.188.42.15
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to

Full URL

https://sentry.io/api/1475595/envelope/?sentry_key=730ba1a47ca448f3aa5aabf9e1c6cfa8&sentry_version=7

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

35.188.42.15 Council Bluffs, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),

Reverse DNS

15.42.188.35.bc.googleusercontent.com

Software

nginx /

Resource Hash

44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload

Request headers

Referer: https://www.simonmarkets.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36
Content-Type: text/plain;charset=UTF-8

Response headers

Date: Thu, 08 Dec 2022 23:17:20 GMT
Strict-Transport-Security: max-age=31536000; includeSubDomains; preload
Server: nginx
vary: Origin
Content-Type: application/json
access-control-allow-origin: https://www.simonmarkets.com
access-control-expose-headers: x-sentry-rate-limits, retry-after, x-sentry-error
x-envoy-upstream-service-time: 0
Connection: keep-alive
Content-Length: 2

GET
H2 200 vendors-node_modules_tippyjs_react_dist_tippy-react_esm_js-node_modules_antd_lib_checkbox_ind-383f23.8dea4cbb.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 334 KB
93 KB 130ms
130ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/vendors-node_modules_tippyjs_react_dist_tippy-react_esm_js-node_modules_antd_lib_checkbox_ind-383f23.8dea4cbb.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

66da879047c2ae0abdd2502458389b926a82590a7ff983037a4eeedeff60307d

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:20 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 2
x-simon-external: True
x-xss-protection: 1; mode=block
x-trace-id: b19e128e-e7c8-4cf2-936c-39222f3441a3
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-53631"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 core_components_Icon_svg_info_svg_react-core_components_Icon_svg_lock_svg_react-core_componen-e421ab.87df6a80.chunk.css
www.simonmarkets.com/simon/static/css/ 59 KB
16 KB 148ms
148ms Stylesheet
text/css 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/css/core_components_Icon_svg_info_svg_react-core_components_Icon_svg_lock_svg_react-core_componen-e421ab.87df6a80.chunk.css

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

c916ebe1a799b122bd6dcd5344dd9cd46a53a63ebb1296430056a1d88a586abd

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:20 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 2
x-simon-external: True
content-length: 12942
x-xss-protection: 1; mode=block
x-trace-id: d0ed0457-a8a7-4c68-bf40-e0dc9fae4b0d
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-ea88"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 core_components_Icon_svg_info_svg_react-core_components_Icon_svg_lock_svg_react-core_componen-e421ab.b671cabf.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 293 KB
103 KB 230ms
229ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/core_components_Icon_svg_info_svg_react-core_components_Icon_svg_lock_svg_react-core_componen-e421ab.b671cabf.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

2454e7753c46175f07858f8ad6c1cf028e83e4f1a1e0a8d6665129ad144986b2

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:20 GMT
content-encoding: gzip
x-kong-proxy-latency: 1
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 1
x-simon-external: True
x-xss-protection: 1; mode=block
x-trace-id: b322d21a-e00f-4cbf-b905-c8b2c3645ce6
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-4945e"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 core_auth_AuthPage_js-core_images_mascots_simon-mascot-small_svg.60879967.chunk.js Show response
www.simonmarkets.com/simon/static/js/ 52 KB
15 KB 119ms
118ms Script
application/javascript 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/js/core_auth_AuthPage_js-core_images_mascots_simon-mascot-small_svg.60879967.chunk.js

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

50e0a0056b06cb0974d8aa3b05f6ba71a7e71226408b3d80cc72161426328f95

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:20 GMT
content-encoding: gzip
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 2
x-simon-external: True
content-length: 12055
x-xss-protection: 1; mode=block
x-trace-id: 52860051-f94c-4685-b980-f0ca3206b018
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-d100"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
H2 200 core_auth_ActivateAccount_module_scss-core_auth_AuthPage_module_scss-core_auth_LoginPage_modu-7e00a00.8b4fef61.chunk.css
www.simonmarkets.com/simon/static/css/ 7 KB
5 KB 132ms
132ms Stylesheet
text/css 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to

Full URL

https://www.simonmarkets.com/simon/static/css/core_auth_ActivateAccount_module_scss-core_auth_AuthPage_module_scss-core_auth_LoginPage_modu-7e00a00.8b4fef61.chunk.css

Requested by

Host: www.simonmarkets.com
URL: https://www.simonmarkets.com/simon/static/js/main.acaba41c.js

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

b21e87c237a4113916df5f7e32c55819294d5d2e0e24b9f68c429fa500155d48

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:20 GMT
content-encoding: gzip
x-kong-proxy-latency: 2
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 1
x-simon-external: True
content-length: 2171
x-xss-protection: 1; mode=block
x-trace-id: e3722e11-8483-4672-8139-bf2c5ba72a43
last-modified: Thu, 08 Dec 2022 17:21:45 GMT
server: nginx/1.22.1
etag: "63921d29-1de8"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: text/css
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

GET
DATA 200
OK truncated
/ 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 813b2b9bf9d24f438d89929d6e64d01d1fe41a773f9165b44b2de290106f6579

Request headers

accept-language: de-DE,de;q=0.9
Referer
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

Content-Type: image/png

GET
H2 200 simon-mascot-small.3f2dd5b3d6b4c24c967d.svg
www.simonmarkets.com/simon/static/media/ 20 KB
24 KB 117ms
116ms Image
image/svg+xml 23.36.162.83
AKAMAI-ASN1

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.simonmarkets.com/simon/static/media/simon-mascot-small.3f2dd5b3d6b4c24c967d.svg

Protocol

Security

TLS 1.3, , AES_256_GCM

Server

23.36.162.83 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),

Reverse DNS

a23-36-162-83.deploy.static.akamaitechnologies.com

Software

nginx/1.22.1 /

Resource Hash

deb2b790f448e5027944245be677bc1e526c0cb0a2bb5b8f7cd17b67a356dc9f

Security Headers

Name	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.simonmarkets.com/simon/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/108.0.5359.98 Safari/537.36

Response headers

content-security-policy: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
strict-transport-security: max-age=31536000; includeSubDomains
x-content-type-options: nosniff
date: Thu, 08 Dec 2022 23:17:20 GMT
x-kong-proxy-latency: 0
content-security-policy-report-only: report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com *.figmarketing.com https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://fast.appcues.com https://*.olark.com https://aacdn.nagich.com; connect-src 'self' wss://*.simonmarkets.com:* simongroup.okta.com *.figmarketing.com https://*.akstat.io https://*.go-mpulse.net *.simonmarkets.com:* https://sentry.io https://*.sentry.io https://api.appcues.net wss://api.appcues.net https://*.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src *.simonmarkets.com:* *.figmarketing.com https://access.nagich.com *.simon.io:* simon.io:* simongroup.okta.com data: blob: https://*.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' *.simonmarkets.com:* *.figmarketing.com simongroup.okta.com https://fast.appcues.com https://*.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' *.simonmarkets.com:* *.figmarketing.com https://*.simon.io blob: https://*.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com *.figmarketing.com; font-src 'self' *.simonmarkets.com:* *.figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src *.simonmarkets.com:* *.figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' *.bonddesk.com:* https://*.usbank.com *.icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ *.ebix.com:* *.docusign.net:* *.docusign.com:* *.streetscape.com:* *.advisorchannel.com:* *.fidelity.com:* *.rjf.com:* *.rbc.com:* https://*.olark.com https://my.appcues.com *.bonddesk.com:* *.icapitalnetwork.com:* *.rjf.com:* https://form.typeform.com; worker-src blob: *.simonmarkets.com:* *.figmarketing.com; default-src *.simonmarkets.com:* 'unsafe-inline';
x-kong-upstream-latency: 2
x-simon-external: True
content-length: 20759
x-xss-protection: 1; mode=block
x-trace-id: 2a5208ad-ba92-4182-bfff-16ddba78a899
last-modified: Thu, 08 Dec 2022 17:21:44 GMT
server: nginx/1.22.1
etag: "63921d28-5117"
x-frame-options: SAMEORIGIN
content-type: image/svg+xml
cache-control: no-store, no-cache, must-revalidate
accept-ranges: bytes

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: auth.simonmarkets.com
URL: https://auth.simonmarkets.com/oauth2/aus12xhtrm4lv59w32p7/v1/logout?post_logout_redirect_uri=https%3A%2F%2Fwww.simonmarkets.com%2Fsimon%2F

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

5 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.simonmarkets.com/	1969-12-31 23:59:59	Name: akacd_www_simon Value: 3847994236~rv=29~id=011ee1014effd40b8ad47c68513a177f
.simonmarkets.com/	1970-01-20 08:02:28	Name: ak_bmsc Value: 006874054F6ACEA7E25A515320E49C82~000000000000000000000000000000~YAAQE6AkF++SZu+EAQAAR2wH9BKf9Y5AdQun7TSqnEShEWvhnbrl4FbUq0bLwONiVdQl12+uxdUW6q456fsMu/p3jwiBk7aXi5aKzWHmarzzGNHu5kg79i68+r+gtg0E4FgqXt9KKXllazy2nd3mQyhW03lXZVJP82NXCUxM16O7LEqJNv87JmLoU1cR6u88A+FFH4pftemf7857gt2SleDdzO2crEQXj++lqSdvav01QzBAI8gpNOAOc8LWtEJPmMLknzUhaoxu0yn9vflysVfeDLgnfyV3BrrVXMXnb2u6QJngcsndOmTYtBa7ltzBI2FNKjmgbWXSR7Soqj2go96PjF2anwyWWriFNTh/gs+xuSyK+rQ0qiQZhGBCGSgooGY0tn/+a8Ked4JVuWnraBnj
auth.simonmarkets.com/	1969-12-31 23:59:59	Name: JSESSIONID Value: 45879B41422F618938738B719ADD5B99
auth.simonmarkets.com/	1969-12-31 23:59:59	Name: t Value: sea
auth.simonmarkets.com/	1970-01-20 17:38:21	Name: DT Value: DI1egIY9HdvSjGjQHUUtzfV1A

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	report-uri /error-reporter/v1/csp-violations; script-src 'unsafe-inline' 'unsafe-eval' https://amp.akamaized.net simongroup.okta.com .figmarketing.com https://.go-mpulse.net .simonmarkets.com: https://sentry.io https://.sentry.io https://fast.appcues.com https://.olark.com https://aacdn.nagich.com; connect-src 'self' wss://.simonmarkets.com: simongroup.okta.com .figmarketing.com https://.akstat.io https://.go-mpulse.net .simonmarkets.com:* https://sentry.io https://.sentry.io https://api.appcues.net wss://api.appcues.net https://.olark.com https://fast.appcues.com https://aacdn.nagich.com https://access.nagich.com https://simon.io https://www.firelighteapp.com; img-src .simonmarkets.com: .figmarketing.com https://access.nagich.com .simon.io:* simon.io:* simongroup.okta.com data: blob: https://.olark.com https://www.firelighteapp.com https://res.cloudinary.com; style-src 'unsafe-inline' .simonmarkets.com:* .figmarketing.com simongroup.okta.com https://fast.appcues.com https://.olark.com https://res.cloudinary.com https://fonts.googleapis.com; media-src 'self' .simonmarkets.com: .figmarketing.com https://.simon.io blob: https://.olark.com; frame-ancestors 'self' https://clientworkseqh.lpl.com https://clientworks.lpl.com .figmarketing.com; font-src 'self' .simonmarkets.com: .figmarketing.com 'unsafe-inline' https://fonts.gstatic.com data:; frame-src .simonmarkets.com:* .figmarketing.com https://infonet.corp.isib.net https://clientworkseqh.lpl.com https://clientworks.lpl.com https://clientworkseqh.lpl.com https://clientworks.lpl.com 'unsafe-inline' .bonddesk.com:* https://.usbank.com .icapitalnetwork.com:* https://aacdn.nagich.com/ https://access.nagich.com/ .ebix.com: .docusign.net: .docusign.com: .streetscape.com: .advisorchannel.com: .fidelity.com: .rjf.com: .rbc.com: https://.olark.com https://my.appcues.com .bonddesk.com:* .icapitalnetwork.com: .rjf.com: https://form.typeform.com; worker-src blob: .simonmarkets.com: .figmarketing.com; default-src .simonmarkets.com:* 'unsafe-inline';
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

auth.simonmarkets.com
cdn.mxpnl.simonmarkets.com
sentry.io
simonmarkets.com
www.simonmarkets.com
auth.simonmarkets.com
23.36.162.83
35.188.42.15
52.216.160.146
99.83.241.219
2454e7753c46175f07858f8ad6c1cf028e83e4f1a1e0a8d6665129ad144986b2
28eb6b4236a2b1ef7d570deeae02039629020889eb90b7671c8db761f28912be
2e05561dd579379a621351165e9d8de70870c31680c802e78d88a30b373fcb7b
398c6ce8bd1ced484cd655adbcb838fa585b28b498c7823acc676c10af7ce811
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
48c3fa6f86c54f1d9bb519220713d4b0a1f8cd1a589a3c03b9fa82e98ecb13e3
50e0a0056b06cb0974d8aa3b05f6ba71a7e71226408b3d80cc72161426328f95
61abc92c3e7a3930d7ab8da0507c62064a348ca902c78cc2c870564224b2ef44
66da879047c2ae0abdd2502458389b926a82590a7ff983037a4eeedeff60307d
813b2b9bf9d24f438d89929d6e64d01d1fe41a773f9165b44b2de290106f6579
8fa527c4f625afdec38b198b0cc23c875cc9b30e34ec063f8a4b15cd7881023c
ae0f0ff2370cb2e1e1d0db94f2ae7df5553a7815b8a0db512aa657e4246a361e
b21e87c237a4113916df5f7e32c55819294d5d2e0e24b9f68c429fa500155d48
c916ebe1a799b122bd6dcd5344dd9cd46a53a63ebb1296430056a1d88a586abd
d1e4c1dabd701faeb8d5877d0a206c744f66104378d9ec74d87c44ca0d018c09
da7a511c69cdf1e0f950a29019d09854b8919bc154bb95fe5d5ec580ed2f0997
deb2b790f448e5027944245be677bc1e526c0cb0a2bb5b8f7cd17b67a356dc9f
ede3be09e48f26cded7aacbd3e1b5ec17282084a290259b487dcbff34d14981c
ef367055d74ebdcdd6bd715e6769a75b84092ce8d0205bb4c612d805b3ae0081
f74b50b1e34cd9c6f74d4f582087e836b4d3340dda5e74a2330365778c92abfc

www.simonmarkets.com Open in urlscan Pro 23.36.162.83 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

23 Requests

96 %HTTPS

0 %IPv6

2 Domains

5 Subdomains

4 IPs

2 Countries

1083 kBTransfer

3500 kBSize

5 Cookies

6 Outgoing links

Page URL History

Redirected requests

23 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 1 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Failed requests

Verdicts & Comments Add Verdict or Comment

9 JavaScript Global Variables

5 Cookies

Security Headers

Indicators

www.simonmarkets.com Open in urlscan Pro
23.36.162.83 Public Scan

Screenshot
Live screenshot

Full Image

23
Requests

96 %
HTTPS

0 %
IPv6

2
Domains

5
Subdomains

4
IPs

2
Countries

1083 kB
Transfer

3500 kB
Size

5
Cookies

23 HTTP transactions
1 data transactions