GET
H2
|
200
|
Primary Request
/
Show response
www.flagstar.com/
Redirect Chain
-
https://amtrustbank.com/
-
https://www.mynycb.com/
-
https://www.flagstar.com/
|
324 KB
40 KB
|
173ms
93ms
|
Document
text/html |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 790380b6afb6cb7128b579c025c586c2913b58467a6af88841e31136c04798cf
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
ruxitagentjs_ICA7NVfghqru_10299241001084140.js
Show response
www.flagstar.com/
|
217 KB
84 KB
|
47ms
44ms
|
Script
text/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 106ebd28609463d66a250fcca7140c24dbdf37171a1966c3dcff40cee4a579e1
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-base.fe3f110d18d4c7e40aef00a38e92e49f.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
214 KB
16 KB
|
81ms
79ms
|
Stylesheet
text/css |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.fe3f110d18d4c7e40aef00a38e92e49f.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 9d6c8b30f7e100ee333e01d26dc76c05bc88c8db65585390f7159952c2805f15
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-common.00dc7382026d5b4999d7d0890a1d6e9a.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
8 KB
6 KB
|
63ms
60ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-common.00dc7382026d5b4999d7d0890a1d6e9a.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 0ac6af653837591fbf65a8281e8dc5e1ee3bcb5d8c8d4ab9260c2a05548d2483
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
launch-bc7a3f427c28.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/
|
309 KB
83 KB
|
237ms
71ms
|
Script
application/x-javascript |
2600:141b:1c00:209e::1e80
AKAMAI-ASN1
|
|
|
GET
H2
|
200
|
chatdeployment.js
Show response
www.flagstar.com/content/dam/newco/script/
|
42 KB
15 KB
|
64ms
62ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/script/chatdeployment.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 8ff54385f2146f44f6d729ffb360b04ca6f42fa3c49e185b517d5ab0ac02e9b5
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
0
4 KB
|
63ms
61ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
0
4 KB
|
60ms
59ms
|
Stylesheet
text/css |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-site.4dc0524a6b992d26e0d1b57fa4d3352d.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
307 KB
50 KB
|
66ms
65ms
|
Stylesheet
text/css |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.4dc0524a6b992d26e0d1b57fa4d3352d.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 1ca8cedfa7ef78251b60711c3ebd08183db4d983f7f08799f1d8699dbdb204f0
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
help-circle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
831 B
4 KB
|
64ms
63ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/help-circle.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 25042f6994a65e8b585909f22a8e983e6d2fec1cc3b88a0a85df6fea3ebe10fb
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
map-pin.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
611 B
3 KB
|
64ms
64ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/map-pin.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 1a584616981963ae61992fee36f95da1ca96818a1c68695354bd899e32307429
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
globe.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
844 B
4 KB
|
45ms
45ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/globe.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 84551b2fc5b4daf2d89a4bb712509343abf84878723f814701d42cd050237e7d
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
Logo.png
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
10 KB
13 KB
|
45ms
44ms
|
Image
image/png |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/Logo.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- def9e061c234084f9709283b1982131b725bcc68b2ed4581f54d322103ee2f02
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
57ms
43ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_checking-savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f453487a4e177cda0bbace5eb1ba7f468936488b95769b3de17349967e8fab9e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_debit-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
62ms
48ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_debit-credit-cards.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e95e113bfeb440a09cd08c80ee6dd2c15931a4851163a0d8075135d57f6c131c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_ways-to-bank.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
58ms
44ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_ways-to-bank.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 6e883915424fc156cca96b72d20b7ca928799d6d1d3b075db0d0eca941972915
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_buy-a-home.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
68ms
54ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_buy-a-home.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 92b60026dfcc6eb3bf8631ec3c25138b31110706ceec72d087c6e5b5fc8a5cab
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_get-cash.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
57ms
44ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_get-cash.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f5954f0a829c02a8c57d814c998de13afa8d91f62cffdfe316c024bed3262d2e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_purchase-a-vehicle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
67ms
54ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_purchase-a-vehicle.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e0731a9c84bce53cb2a4ecaf08dc811585971a899fcbbb8d79e340efe56dcd95
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_flagstar-wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
6 KB
5 KB
|
63ms
50ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_flagstar-wealth-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 96387be010f65288928b24d9445e88bcdb99e30664b7d2d595a7ccda6f1c4dc6
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_financial-solutions.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
72ms
58ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_financial-solutions.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 3475c512749c10abccdeffe33c396580e23098635ab83c9f7d2987c076a457c6
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_online-banking.svg
www.flagstar.com/content/dam/newco/small-business/icons/
|
2 KB
4 KB
|
65ms
52ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/small-business/icons/icon-card_online-banking.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- af1f1ab4486fb5cf16d970933da094dd2f1fe06a22a3d4ab596137df806e900c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_insights.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
5 KB
|
66ms
53ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_insights.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 923a8d9740f94f5c08fcd2f3be048e8689441a216c3be5c0784797d5017d02d5
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_tools-calculators.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
65ms
53ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_tools-calculators.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 70740bb39befcad42f09bbff8a78e7f0503e3e4bf6361c858cea9423c8ad558c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_how-to-guides.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
73ms
61ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_how-to-guides.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e2cdba8b1ff0a5dc4a5f88b397ec0789788233467372c668ff43a5cb535dba27
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_faqs.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
1 KB
4 KB
|
72ms
60ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_faqs.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- eba4e1c2cce29282aa8fa6dd71e6046399b06e5d408e2f4c2c2763642572c842
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_sign-up.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
|
1 KB
5 KB
|
67ms
54ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_sign-up.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 27a930e516d39f72356590a4e737515c95aa3a9969b6c2fc12075710f9032998
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
69ms
56ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-checking-savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a1d3a3e26c91ba85b3d9ac92db5f8335ea6994994a2538d4f47f5e919439d4c8
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
70ms
57ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-credit-cards.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 606ceda8954b51480b26eb5e9abd2d26d4d481d7dedeaa6afcec3ee5d6b39227
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-loans.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
11 KB
5 KB
|
67ms
55ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-loans.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 090dccdc949d234690ab3c5084c4683087813babb20a034e37868642a63434dc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-lines-of-credit.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
82ms
69ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-lines-of-credit.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 804454a2c411d8bb3a19ab0c282698955089bdd1f3e7114f880d85e919eb5910
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_commercial-mortgage.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
6 KB
4 KB
|
122ms
110ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_commercial-mortgage.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 4b7f19f0359b200b661e8f6ddd6cb71c15a213a1e944d16df9f4477cf616ec8c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_treasury-management1.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
94ms
82ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management1.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
105ms
93ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 33dbf9d3f5f3d7695cd1c9753c24113044b3c1aa2cd21771fc5580327c0d5c28
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_sectors.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
87ms
75ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_sectors.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- def3cd591fff9b3958866afefa7cf7321de1d902dc9b85749986d6bc637deaf9
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_treasury-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
88ms
76ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_banking-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
86ms
74ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_banking-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 38bc96c8a0910f32a8fcda24fdeaf7a9a5ce6ba89087e3be7b3200f75edbbd34
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_investment-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
109ms
98ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_investment-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 9fc5fc887e2a0ad18a5136f7a2132ebcca631ca61e8669c52197a849c1b1aca1
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_specialized-expertise.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
109ms
98ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_specialized-expertise.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f7cdf1b99e51212475107d8ee46cc03546111d482fc00c4708d76c9c2cffde17
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_private-banking.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
89ms
78ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_private-banking.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 97df66242f23aaeb6bbc7d5e8c021a11c1bad6c4b5288ec452ee527862bc3b8c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_credit-lending.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
93ms
82ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_credit-lending.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 801847061fa3bd28e46114c9091fd9f5997d929e74375a438a7aa7af517ffcf6
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_wealth-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
115ms
105ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-management.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 475123a04af4e549385e696417bd320a5bce09c8e380c91522041e00d2c22173
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_about-us.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
1 KB
4 KB
|
113ms
102ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_about-us.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 9f7ef3b405d900ff0a094366a371e588b2b237bc32ee0ba137dd9867a2f20d7a
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_our-approach.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
107ms
97ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_our-approach.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- b44994c64a6b67108462fe811a6ac32b4ea7bd9749931714c1d325b217841a67
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H3
|
200
|
answers.css
assets.sitescdn.net/answers-search-bar/v1.5/
|
103 KB
13 KB
|
226ms
164ms
|
Stylesheet
text/css |
104.17.24.84
CLOUDFLARENET
|
|
|
GET
H3
|
200
|
answers.min.js
Show response
assets.sitescdn.net/answers-search-bar/v1.5/
|
434 KB
116 KB
|
103ms
42ms
|
Script
text/javascript |
104.17.24.84
CLOUDFLARENET
|
|
|
GET
H3
|
200
|
answerstemplates.compiled.min.js
Show response
assets.sitescdn.net/answers-search-bar/v1.5/
|
81 KB
21 KB
|
225ms
164ms
|
Script
text/javascript |
104.17.24.84
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
Answers.js
Show response
www.flagstar.com/content/dam/newco/script/
|
628 B
4 KB
|
66ms
50ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/script/Answers.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 4de9a2e13a638feaef7cfe74c34a7cf7876a971d6eaab169d59a7e383f5aa75e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
Megaphone%201.svg
www.flagstar.com/content/dam/newco/global/icons/
|
886 B
4 KB
|
118ms
108ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global/icons/Megaphone%201.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 035c84a3e7aad2af24632b56b6c54926db5439e9172dd5a7e0dcc0f345f3fe77
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_mobile-banking.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
|
2 KB
4 KB
|
119ms
109ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_mobile-banking.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 8e4cca3bbb8ed7af7833a8884fdaf2143261208efb10c8ae145049dac5ef81af
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_savings.svg
www.flagstar.com/content/dam/newco/icons/
|
4 KB
5 KB
|
104ms
94ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/icons/icon-card_savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 2e4240ea75a8fc43a0d1b9067ab501efde70576e4e811dc9ee0e8fa876281aaf
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_convenient.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
|
2 KB
5 KB
|
110ms
101ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_convenient.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 812067fd221bd6fbf8207c4cfdefb95e6ddd8b91ab10a7fb722bcc7e5f6bb055
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_no-overdraft-fees.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
|
2 KB
4 KB
|
95ms
86ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_no-overdraft-fees.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 5649b379e7e5a0553117a4167002681463971df81794401147acb31f9f5861a0
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_mobile-debit-card.svg
www.flagstar.com/content/dam/newco/icons/
|
2 KB
5 KB
|
114ms
105ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/icons/icon-card_mobile-debit-card.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e18a31e36435d1ab770385bc4891cba9ede46bf18e2852e4871ebbe1de50cac0
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_universal-life-insurance.svg
www.flagstar.com/content/dam/newco/personal/investing/icons/
|
1 KB
4 KB
|
112ms
103ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/investing/icons/icon-card_universal-life-insurance.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 6f2c4e4636ba942b904d8c4747a6877f3c9789b7f24045227e5e8da2fe00cfbc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_connect.svg
www.flagstar.com/content/dam/newco/private-bank/icons/
|
3 KB
5 KB
|
108ms
100ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/private-bank/icons/icon-card_connect.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- dd2ca2a7b4da7ffa3388b9143ed2d057d63b3f90bc5e6d9a93e5832b97f1acba
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-savings.svg
www.flagstar.com/content/dam/newco/small-business/icons/
|
2 KB
4 KB
|
88ms
79ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/small-business/icons/icon-card_business-savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 101a3616b2fd9ea4a6a58ec21129d2c35723b254262dc6de3db45252b4d6e117
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_online.svg
www.flagstar.com/content/dam/newco/commercial/icons/
|
6 KB
5 KB
|
114ms
106ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/commercial/icons/icon-card_online.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 846ad5a16e529f003b700e579f21bde107e581a234a02d5e69e3f2e4948a2bc7
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_diy.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
|
49 KB
53 KB
|
92ms
84ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/learn/card-images/card_diy.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f3fd8f0b4efbc09ab9731ad8e740ada815cf39a4f142156679fda7ff787f374e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_article-billpay.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
|
38 KB
42 KB
|
86ms
78ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/learn/card-images/card_article-billpay.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 56f75552c700060731d32832d024e63614416cc61a14fda2980a80fb74a0145e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_scam.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
|
40 KB
44 KB
|
111ms
103ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/learn/card-images/card_scam.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 6f6d85400e05610623a51e7a646644d6db658b1875047b0dfeeff450e7b9b5c2
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_calculator
www.flagstar.com/content/dam/newco/global/icons/
|
2 KB
4 KB
|
140ms
132ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global/icons/icon-card_calculator
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e269b0b63b7b5e183e60cefac1e9cc41fc930789a18dc497384b427aa74ea1cb
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_first-time-home-buyer.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
2 KB
4 KB
|
91ms
83ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_first-time-home-buyer.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 49053fa023e05f72834fb4858b8b6ea2ea9864f7a17113b3c42a425a2939adb4
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_mortgage-approved-or-closed-home-loans.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
3 KB
5 KB
|
101ms
93ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_mortgage-approved-or-closed-home-loans.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 436098c0c6fe572bbaaea00d2293bc100c536e75592dc9bd73371eb1a09bea94
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_connect.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
3 KB
5 KB
|
94ms
86ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_connect.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- be235aeef05250ebd0496e4aff893fc4c2a0f459a18c2326517880b1fa779dea
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_about-flagstar.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
|
28 KB
32 KB
|
103ms
96ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_about-flagstar.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 022866fe426eaaadfb99d714ee1758358cecb9321084b8ae088749b375b64920
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_community-involvement.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
|
57 KB
61 KB
|
101ms
94ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_community-involvement.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 8b8e6dd018656e2051b99145f8a306111351b21bcc97d67debb41b3f8f7a33ca
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_diversity-equity-and-inclusion.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
|
19 KB
23 KB
|
113ms
107ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_diversity-equity-and-inclusion.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- c25b79f044d5037c9792be55ae6b3cf18a56da5df5bd344431188ebaab031c03
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
FooterLogo.png
www.flagstar.com/content/dam/newco/footer/
|
5 KB
8 KB
|
104ms
97ms
|
Image
image/png |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/FooterLogo.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 0bbcb1c065db429b64f24825abb404ee8795be695d726894813bddcb462476bf
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
facebook.png
www.flagstar.com/content/dam/newco/footer/
|
3 KB
6 KB
|
113ms
107ms
|
Image
image/png |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/facebook.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a71bd54a0b412e2a987daa67d5203169a5973349249e9e563ebe78f9460ff2c1
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
twitter.png
www.flagstar.com/content/dam/newco/footer/
|
3 KB
6 KB
|
106ms
100ms
|
Image
image/png |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/twitter.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- b262089aff66440a9664b16bc5541050a728ca80ce98c8756bd10353e5edde5d
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
linkedin.png
www.flagstar.com/content/dam/newco/footer/
|
3 KB
6 KB
|
105ms
99ms
|
Image
image/png |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/linkedin.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 89d46740e95d2d1e4f6d2b54f569e319515b0d89426ccfa4c33f13e1ca4ab6bc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-site.09742603ddcba02997ece7f231882f6e.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
60 KB
16 KB
|
61ms
46ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.09742603ddcba02997ece7f231882f6e.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- c532723c4b4ad14f263062def35b5cde5ac21b338ad19c33730495ba30bd60ed
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
container.027d01df25f17066242db969c9bf2ade.js
Show response
www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/
|
6 KB
2 KB
|
101ms
96ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- fe05972ec9e5bdd020c2cbdeae20d95d5643888ee2198c4ebf1145b1d60d30ff
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Show response
www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/
|
10 KB
3 KB
|
109ms
104ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
159 KB
33 KB
|
111ms
106ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a7382dd06b3e2279c5e4046426b583c17f7bfd30377033a2049d1f7f1a13ddfe
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
vcd15cbe7772f49c399c6a5babf22c1241717689176015
Show response
static.cloudflareinsights.com/beacon.min.js/
|
19 KB
7 KB
|
118ms
42ms
|
Script
text/javascript |
2606:4700::6810:4f49
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
Fellix-Medium.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
54 KB
|
99ms
99ms
|
Font
font/woff |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Medium.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.4dc0524a6b992d26e0d1b57fa4d3352d.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- d9f9c1b8a5fa5db59d5f705edc27e4a3ffe9eedbcc225e622d2f8055c99f761c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
DATA
|
200
OK
|
truncated
/
|
718 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
Fellix-Regular.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
54 KB
|
85ms
85ms
|
Font
font/woff |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Regular.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.4dc0524a6b992d26e0d1b57fa4d3352d.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- bb0c0db8ccc7938c8d17d623e5e4055f8790a51a40c78f8fe57c2e24bbed567b
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
DATA
|
200
OK
|
truncated
/
|
572 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
Fellix-SemiBold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
55 KB
|
43ms
43ms
|
Font
font/woff |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-SemiBold.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.4dc0524a6b992d26e0d1b57fa4d3352d.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 850738adf5732aeff29a17ba8804213f8073f9f2b7d5021b1ff6f1324c8ca9b9
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
token.json
Show response
www.flagstar.com/libs/granite/csrf/
|
2 B
172 B
|
90ms
90ms
|
XHR
application/json |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/libs/granite/csrf/token.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
hero-2_performance-savings.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/
|
60 KB
64 KB
|
42ms
41ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_performance-savings.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 519302d475d3b3d4f2a2e20ca937787f6b61c1674e07a1e2a63834a7b4a1cc8e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
DATA
|
200
OK
|
truncated
/
|
387 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
DATA
|
200
OK
|
truncated
/
|
485 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
DATA
|
200
OK
|
truncated
/
|
4 KB
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
Fellix-Bold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
54 KB
|
45ms
44ms
|
Font
font/woff |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Bold.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.4dc0524a6b992d26e0d1b57fa4d3352d.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- fe0f33a2350724f28a0cc88dde554347b209fc0b3077a579072e830dc38d2f74
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
hero-2_performance-savings.jpg.thumb.1121.1121.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/
|
60 KB
64 KB
|
43ms
43ms
|
Image
image/jpeg |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_performance-savings.jpg.thumb.1121.1121.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e41afb3c92bc1f907a6dee3f7278423c03ecc0a285e38ae34aa237019cb8904f
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H/1.1
|
200
OK
|
MultiNoun.jsonp
Show response
d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/
|
226 B
590 B
|
289ms
61ms
|
Script
text/javascript |
13.109.189.112
SALESFORCE
|
|
General
- Full URL
- https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_256_GCM
- Server
-
13.109.189.112
, United States,
ASN14340
(SALESFORCE, US),
- Reverse DNS
- dcl14-ncg1-c5-iad4.la2-c2-ia4.salesforceliveagent.com
- Software
-
/
- Resource Hash
- d2cb3753a32c49a2cf80e337ba53e3128fc4d959064931ecd0bfb274f2e8e697
- Security Headers
-
Name |
Value |
X-Content-Type-Options |
nosniff |
|
POST
H2
|
200
|
3202410
answers.yext-pixel.com/realtimeanalytics/data/answers/
|
0
437 B
|
216ms
85ms
|
Ping
text/plain |
2606:4700::6811:45f
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
icon-card_cd-pricing.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
|
2 KB
5 KB
|
43ms
41ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_cd-pricing.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- bb9fe8b12fc2491bca2e73cf4b836646d715c94623941662ee057998878487dc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_home-loan.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
2 KB
4 KB
|
44ms
43ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_home-loan.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- b8b67438b801a7e42b5cc7f3536e427d47607f7349b2013c8b4d043080bb56b7
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_refinance.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
2 KB
4 KB
|
46ms
45ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_refinance.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- c1aceba1e14a0e0e3c6da8d1f89744cd0154ad78d41a254f32278e79a6a827a5
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_service+expertise.svg
www.flagstar.com/content/dam/newco/private-bank/icons/
|
2 KB
4 KB
|
43ms
42ms
|
Image
image/svg+xml |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/private-bank/icons/icon-card_service+expertise.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a8c89bc90fe5064617ed17eb7c16551ca5abbd70fa13494b2075447fb5e15743
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H3
|
200
|
fbevents.js
Show response
connect.facebook.net/en_US/
|
226 KB
58 KB
|
125ms
60ms
|
Script
application/x-javascript |
31.13.71.7
FACEBOOK
|
|
General
- Full URL
- https://connect.facebook.net/en_US/fbevents.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H3
- Security
- QUIC,
, AES_128_GCM
- Server
-
31.13.71.7
Secaucus, United States,
ASN32934
(FACEBOOK, US),
- Reverse DNS
- xx-fbcdn-shv-01-lga3.fbcdn.net
- Software
-
/
- Resource Hash
- 48ba1993011db4834882d81b2153753437607292f704a6543d4466c0f6d1372a
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; |
Strict-Transport-Security |
max-age=31536000; preload; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
DENY |
X-Xss-Protection |
0 |
|
GET
H2
|
200
|
otSDKStub.js
Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/
|
20 KB
7 KB
|
126ms
56ms
|
Script
application/javascript |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/otSDKStub.js
- Requested by
- Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
pnapi_integration-latest.min.js
Show response
solutions.invocacdn.com/js/
|
110 KB
35 KB
|
270ms
70ms
|
Script
text/javascript |
3.168.122.94
AMAZON-02
|
|
|
GET
H2
|
200
|
b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json
Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/
|
4 KB
2 KB
|
116ms
50ms
|
XHR
application/json |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 1c7d1349c2d47c2f850923ef3948b5ec6b8ec9647edd2cf281a23bf6689e2777
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H3
|
200
|
1507898736628275
Show response
connect.facebook.net/signals/config/
|
79 KB
16 KB
|
65ms
64ms
|
Script
application/x-javascript |
31.13.71.7
FACEBOOK
|
|
General
- Full URL
- https://connect.facebook.net/signals/config/1507898736628275?v=2.9.170&r=stable&domain=www.flagstar.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C82%2C87%2C47%2C46%2C86%2C37%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
- Requested by
- Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
- Protocol
- H3
- Security
- QUIC,
, AES_128_GCM
- Server
-
31.13.71.7
Secaucus, United States,
ASN32934
(FACEBOOK, US),
- Reverse DNS
- xx-fbcdn-shv-01-lga3.fbcdn.net
- Software
-
/
- Resource Hash
- bb9d1b48fa143b3d14b668654cc409c7228c6478a8ccc2ed3b0fd1cc21e77cbb
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'self' data: blob: *;script-src 'unsafe-inline' *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script'; |
Strict-Transport-Security |
max-age=31536000; preload; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
DENY |
X-Xss-Protection |
0 |
|
GET
H/1.1
|
200
OK
|
Settings.jsonp
Show response
d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/
|
721 B
707 B
|
252ms
57ms
|
Script
text/javascript |
13.110.254.28
SALESFORCE
|
|
General
- Full URL
- https://d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?sid=7fa9127a-4fe0-4ba4-aaf0-ae0854c0189e&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_256_GCM
- Server
-
13.110.254.28
, United States,
ASN14340
(SALESFORCE, US),
- Reverse DNS
- dcl9-ncg1-c6-iad5.la5-c1-ia5.salesforceliveagent.com
- Software
-
/
- Resource Hash
- 0a9ff70a191b2cee41b6cdcab7f1892f2cbdb3b530e4a82a21bb88be52aa408c
- Security Headers
-
Name |
Value |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otBannerSdk.js
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/
|
429 KB
105 KB
|
44ms
43ms
|
Script
application/javascript |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/otBannerSdk.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 65012dbad33bb892a9d4eebcebd61daeba685db0d4e49af74bbd1a26dbc7d61c
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
tag-live.js
Show response
solutions.invocacdn.com/js/networks/1429/2586959106/
|
10 KB
2 KB
|
63ms
61ms
|
Script
text/javascript |
3.168.122.94
AMAZON-02
|
|
|
GET
H2
|
200
|
en.json
Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/
|
77 KB
17 KB
|
47ms
46ms
|
Fetch
application/json |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/en.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 27a1c8f923d6e59c604e23b86d1635e5edcec6b40b42a7c30c8b30565d2dd566
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otFlat.json
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/
|
13 KB
3 KB
|
41ms
40ms
|
Fetch
application/json |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otPcTab.json
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/
|
63 KB
13 KB
|
42ms
41ms
|
Fetch
application/json |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcTab.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otCommonStyles.css
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/
|
21 KB
4 KB
|
44ms
44ms
|
Fetch
text/css |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
RC34e7beef8e594f13becef7bbaee20ac8-source.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/45022baf576b/
|
369 B
489 B
|
70ms
69ms
|
Script
application/x-javascript |
2600:141b:1c00:209e::1e80
AKAMAI-ASN1
|
|
|
GET
H/1.1
|
200
OK
|
na.jsonp
Show response
pnapi.invoca.net/1429/
|
197 B
375 B
|
260ms
70ms
|
Script
text/plain |
44.205.139.80
AMAZON-AES
|
|
General
- Full URL
- https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.34.0&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22calling_page%22%3A%22%2F%22%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22journey%22%3A%22%2F%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22invoca_id%22%3A%22i-fdf85bda-df81-4b66-d940-eb7b51425d4d%22%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A16%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22screenWidth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22beaconSupported%22%2C%22counter%22%5D%5D&jsoncallback=json_rr1&
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_128_GCM
- Server
-
44.205.139.80
Ashburn, United States,
ASN14618
(AMAZON-AES, US),
- Reverse DNS
- ec2-44-205-139-80.compute-1.amazonaws.com
- Software
-
Goliath /
- Resource Hash
- 3597798209043f87fd244264656ded3d65358cba85c45e3d3eeb0d223022ff87
|
GET
H2
|
200
|
ot_close.svg
cdn.cookielaw.org/logos/static/
|
651 B
624 B
|
40ms
40ms
|
Image
image/svg+xml |
2606:4700::6812:572a
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
ot_guard_logo.svg
Show response
cdn.cookielaw.org/logos/static/
|
497 B
517 B
|
51ms
51ms
|
Fetch
image/svg+xml |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
FlagstarLogo.png
cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/
|
4 KB
4 KB
|
53ms
49ms
|
Image
mage/png |
2606:4700::6812:572a
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/FlagstarLogo.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6812:572a
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 58216c10226af4d1473ae3f58dc88dccc9bbbc25f0a7a29ed04476f89b7fc636
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
|
5 KB
2 KB
|
45ms
43ms
|
Image
image/svg+xml |
2606:4700::6812:572a
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
resizeMcpIframes.js
Show response
www.flagstar.com/content/dam/newco/script/
|
699 B
4 KB
|
43ms
43ms
|
Script
application/javascript |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/script/resizeMcpIframes.js
- Requested by
- Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 037a28a4fc84a66e4bc4d35fb7d681cc3c874e3508b303f880ebbe62ef87e4aa
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://challenges.cloudflare.com https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com https://px.ads.linkedin.com https://*.foreseeresults.com wss://*.foresee.com https://*.crazyegg.com https://*.invoca.net; font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com https://gateway.foresee.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com https://*.perfdrive.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://challenges.cloudflare.com https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com https://snap.licdn.com https://www.onlinebanktours.com https://*.cloudflareinsights.com https://*.crazyegg.com; style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com https://*.crazyegg.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com https://www.onlinebanktours.com;frame-src 'self' *.flagstar.com https://*.cloudflare.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com https://onlinebanktours.com https://www.onlinebanktours.com https://*.crazyegg.com; frame-ancestors 'self' *.flagstar.com https://*.cloudflare.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://*.cloudflare.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net https://px.ads.linkedin.com https://cdn.oectours.com https://www.onlinebanktours.com https://www.linkedin.com https://*.crazyegg.com;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com blob:; worker-src 'self' blob:; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
POST
H2
|
200
|
interact
Show response
adobedc.demdex.net/ee/v1/
|
729 B
923 B
|
224ms
61ms
|
Fetch
application/json |
63.140.39.65
AMAZON-AES
|
|
General
- Full URL
- https://adobedc.demdex.net/ee/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=c0a18a6f-4870-4a69-9d1f-f0b967f4f002
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
63.140.39.65
, United States,
ASN14618
(AMAZON-AES, US),
- Reverse DNS
- ip-63-140-39-65.data.adobedc.net
- Software
-
jag /
- Resource Hash
- 989f520b67c2388c0ed7bb3b16c6b329f32547fd81acd6b28f089be42bce47f7
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
iframe_api
Show response
www.youtube.com/
|
993 B
2 KB
|
222ms
86ms
|
Script
text/javascript |
2607:f8b0:4006:822::200e
GOOGLE
|
|
General
- Full URL
- https://www.youtube.com/iframe_api
- Requested by
- Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2607:f8b0:4006:822::200e
, United States,
ASN15169
(GOOGLE, US),
- Reverse DNS
- Software
-
ESF /
- Resource Hash
- f0a9ccfb28593300ec42b74cf106ed6c3d33f3f6acaed0a87e83b4c6dbf5a383
- Security Headers
-
Name |
Value |
Content-Security-Policy |
require-trusted-types-for 'script' |
Strict-Transport-Security |
max-age=31536000 |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
0 |
|
POST
H2
|
204
|
rum
Show response
www.flagstar.com/cdn-cgi/
|
0
157 B
|
35ms
34ms
|
XHR
text/plain |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/cdn-cgi/rum?
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Security Headers
-
Name |
Value |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
DENY |
|
GET
H2
|
200
|
favicon.ico
www.flagstar.com/
|
15 KB
10 KB
|
43ms
42ms
|
Other
image/x-icon |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/favicon.ico
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 930a9e10430daabc159f18878082a300d13832fb01291049600928d4a7b64c69
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/45022baf576b/
|
751 B
665 B
|
71ms
69ms
|
Script
application/x-javascript |
2600:141b:1c00:209e::1e80
AKAMAI-ASN1
|
|
|
GET
H2
|
200
|
RC16d7e6bf9991438aae4d2fdf78410573-source.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/45022baf576b/
|
1000 B
658 B
|
68ms
68ms
|
Script
application/x-javascript |
2600:141b:1c00:209e::1e80
AKAMAI-ASN1
|
|
|
POST
H2
|
200
|
interact
Show response
edge.adobedc.net/ee/va6/v1/
|
520 B
710 B
|
200ms
62ms
|
Fetch
application/json |
63.140.39.248
AMAZON-AES
|
|
General
- Full URL
- https://edge.adobedc.net/ee/va6/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=b61ec7c4-c5b7-4409-8575-9ec86de0a2f8
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
63.140.39.248
, United States,
ASN14618
(AMAZON-AES, US),
- Reverse DNS
- ip-63-140-39-248.data.adobedc.net
- Software
-
jag /
- Resource Hash
- 6f995353ccaa4d3f4ab02cb84829d9cf9c2c94cc229ef758cfebdf343b0a00b2
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
www-widgetapi.js
Show response
www.youtube.com/s/player/bbc52cb2/www-widgetapi.vflset/
|
31 KB
10 KB
|
62ms
61ms
|
Script
text/javascript |
2607:f8b0:4006:822::200e
GOOGLE
|
|
|
POST
H2
|
200
|
rb_05a5443f-7bda-433a-9644-5a320a8634a5
Show response
www.flagstar.com/
|
119 B
256 B
|
84ms
82ms
|
Fetch
text/plain |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_2_sn_70F436559355CE5CEF69927F3BE6FAA0_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=2&flavor=post&vi=IPJRNMBDPJFEAFFHCKHRRJJRUHFMSUCB-0&modifiedSince=1727820127614&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=3980256690&en=ov27eoh7&end=1
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 933610b746404546f13dc49f428697c6f1bcc62b1680a134deedc05e0b96de84
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H/1.1
|
200
OK
|
na.jsonp
Show response
pnapi.invoca.net/1429/
|
197 B
376 B
|
77ms
77ms
|
Script
text/plain |
44.205.139.80
AMAZON-AES
|
|
General
- Full URL
- https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.34.0&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22invoca_id%22%3A%22i-fdf85bda-df81-4b66-d940-eb7b51425d4d%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22adobe_id%22%3A%22not_found%22%2C%22Agent%22%3Anull%2C%22branch_address%22%3Anull%2C%22branch_city%22%3Anull%2C%22branch_code%22%3Anull%2C%22branch_name%22%3Anull%2C%22branch_state%22%3Anull%2C%22calling_page%22%3A%22%2F%22%2C%22callTreatment%22%3Anull%2C%22CID%22%3Anull%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22customer_id%22%3Anull%2C%22dclid%22%3Anull%2C%22Disposition%22%3Anull%2C%22e%22%3Anull%2C%22email_name%22%3Anull%2C%22gclid%22%3Anull%2C%22gclsrc%22%3Anull%2C%22j%22%3Anull%2C%22jb%22%3Anull%2C%22journey%22%3A%22%2F%22%2C%22l%22%3Anull%2C%22Lead_Record_Type%22%3Anull%2C%22LOB%22%3Anull%2C%22mid%22%3Anull%2C%22msclkid%22%3Anull%2C%22offline_destination%22%3Anull%2C%22Opportunity_Record_Type%22%3Anull%2C%22Parent_Campaign_Name%22%3Anull%2C%22profile_name%22%3Anull%2C%22sk%22%3Anull%2C%22ua%22%3Anull%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22verified_zip%22%3Anull%2C%22ga_measurement_id%22%3A%22not_found%22%2C%22ga_session_id%22%3A%22not_found%22%2C%22g_cid%22%3A%22not_found%22%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A16%2C%22platform%22%3A%22Linux%20x86_64%22%2C%22screenWidth%22%3A1600%2C%22screenHeight%22%3A1200%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22initialLoad%22%2C1727951184852%5D%2C%5B%22startRun%22%2C1727951184943%5D%2C%5B%22startCollectPlacements%22%2C1727951184945%5D%2C%5B%22endCollectPlacements%22%2C1727951184993%5D%2C%5B%22startMapNumberRequest%22%2C1727951184993%5D%2C%5B%22endMapNumberRequest%22%2C1727951185258%5D%2C%5B%22endNumberReplacement%22%2C1727951185258%5D%2C%5B%22startWaitForData%22%2C1727951185995%5D%2C%5B%22endWaitForData%22%2C1727951187166%5D%5D&jsoncallback=json_rr2&
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_128_GCM
- Server
-
44.205.139.80
Ashburn, United States,
ASN14618
(AMAZON-AES, US),
- Reverse DNS
- ec2-44-205-139-80.compute-1.amazonaws.com
- Software
-
Goliath /
- Resource Hash
- 7cd9bf118a9f2c3a558bc3cfbf7098cd5866efb4d9ab28a0916a79d9cb2fd320
|
POST
H2
|
200
|
rb_05a5443f-7bda-433a-9644-5a320a8634a5
Show response
www.flagstar.com/
|
119 B
214 B
|
151ms
146ms
|
Fetch
text/plain |
104.18.34.61
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_2_sn_70F436559355CE5CEF69927F3BE6FAA0_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=2&flavor=post&vi=IPJRNMBDPJFEAFFHCKHRRJJRUHFMSUCB-0&modifiedSince=1727820127614&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=2598359822&en=ov27eoh7&end=1
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghqru_10299241001084140.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.34.61
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 933610b746404546f13dc49f428697c6f1bcc62b1680a134deedc05e0b96de84
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|