Submitted URL: http://www.cartabcc.it/
Effective URL: https://www.cartabcc.it/Pagine/default.aspx
Submission: On November 30 via api from IT — Scanned from IT

Summary

This website contacted 43 IPs in 10 countries across 35 domains to perform 222 HTTP transactions. The main IP is 149.154.92.61, located in Sesto San Giovanni, Italy and belongs to ICCREA-AS, IT. The main domain is www.cartabcc.it.
TLS certificate: Issued by Thawte EV RSA CA 2018 on June 22nd 2021. Valid for: a year.
This is the only time www.cartabcc.it was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 121 149.154.92.61 57144 (ICCREA-AS)
1 2a00:1450:400... 15169 (GOOGLE)
1 48 2a03:2880:f11... 32934 (FACEBOOK)
9 2a03:2880:f01... 32934 (FACEBOOK)
1 2a02:2638:1::3 44788 (ASN-CRITE...)
1 142.250.186.66 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 37.157.2.247 198622 (ADFORM)
2 3 37.157.2.238 198622 (ADFORM)
2 2a03:2880:f04... 32934 (FACEBOOK)
1 2 216.58.212.166 15169 (GOOGLE)
1 2 2a02:2638::1c 44788 (ASN-CRITE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 178.250.0.157 44788 (ASN-CRITE...)
1 2a00:1450:400... 15169 (GOOGLE)
1 178.250.2.151 44788 (ASN-CRITE...)
1 1 142.250.185.226 15169 (GOOGLE)
3 178.250.0.163 44788 (ASN-CRITE...)
1 64.202.112.159 22075 (AS-OUTBRAIN)
1 8.39.36.141 26667 (RUBICONPR...)
1 185.86.139.115 201081 (SMARTADSE...)
3 4 185.33.221.13 29990 (ASN-APPNEX)
3 3 185.33.221.90 29990 (ASN-APPNEX)
2 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2a00:1288:80:... 203220 (YAHOO-DEB)
1 4 18.156.0.31 16509 (AMAZON-02)
1 2 54.246.208.198 16509 (AMAZON-02)
1 185.64.189.110 62713 (AS-PUBMATIC)
1 2 2.18.234.21 16625 (AKAMAI-AS)
1 141.226.228.48 200478 (TABOOLA-AS)
1 37.157.4.24 198622 (ADFORM)
1 104.111.242.245 16625 (AKAMAI-AS)
1 2 13.248.245.213 16509 (AMAZON-02)
1 2 3.127.120.47 16509 (AMAZON-02)
1 2.21.140.74 16625 (AKAMAI-AS)
1 18.157.150.79 16509 (AMAZON-02)
1 185.255.84.152 200271 (IGUANE-)
1 1 2.21.142.210 16625 (AKAMAI-AS)
1 2001:4de0:ac1... 20446 (HIGHWINDS3)
3 3 35.157.177.200 16509 (AMAZON-02)
1 35.186.243.160 15169 (GOOGLE)
1 18.214.196.229 14618 (AMAZON-AES)
1 2 104.19.132.78 13335 (CLOUDFLAR...)
1 2600:9000:20e... 16509 (AMAZON-02)
2 2 54.84.59.211 14618 (AMAZON-AES)
1 2600:1f18:444... 14618 (AMAZON-AES)
222 43
Apex Domain
Subdomains
Transfer
121 cartabcc.it
www.cartabcc.it
3 MB
50 facebook.com
connect.facebook.com
graph.facebook.com
www.facebook.com
28 KB
7 adnxs.com
secure.adnxs.com
ib.adnxs.com
7 KB
7 criteo.com
gum.criteo.com
mug.criteo.com
sslwidget.criteo.com
dis.criteo.com
15 KB
7 adform.net
s2.adform.net
track.adform.net
cm.adform.net
58 KB
5 yahoo.com
ads.yahoo.com
ups.analytics.yahoo.com
1 KB
5 facebook.net
connect.facebook.net
197 KB
4 fbcdn.net
static.xx.fbcdn.net
273 KB
4 doubleclick.net
stats.g.doubleclick.net
5139589.fls.doubleclick.net
cm.g.doubleclick.net
2 KB
3 liadm.com
i.liadm.com
i6.liadm.com
2 KB
3 advertising.com
pixel.advertising.com
1 KB
2 mgid.com
cm.mgid.com
1 KB
2 stickyadstv.com
ads.stickyadstv.com
cdn.stickyadstv.com
1 KB
2 bidswitch.net
x.bidswitch.net
1 KB
2 3lift.com
eb2.3lift.com
733 B
2 casalemedia.com
r.casalemedia.com
2 KB
2 360yield.com
ad.360yield.com
852 B
2 bing.com
c.bing.com
746 B
2 google.it
www.google.it
adservice.google.it
1 KB
2 google.com
analytics.google.com
adservice.google.com
1 KB
1 smaato.net
s.ad.smaato.net
239 B
1 yieldmo.com
sync-criteo.ads.yieldmo.com
456 B
1 ivitrack.com
matching.ivitrack.com
242 B
1 omnitagjs.com
visitor.omnitagjs.com
235 B
1 sharethrough.com
match.sharethrough.com
263 B
1 media.net
contextual.media.net
783 B
1 teads.tv
criteo-sync.teads.tv
172 B
1 taboola.com
sync-t1.taboola.com
231 B
1 pubmatic.com
simage2.pubmatic.com
341 B
1 smartadserver.com
rtb-csync.smartadserver.com
163 B
1 rubiconproject.com
pixel.rubiconproject.com
239 B
1 outbrain.com
sync.outbrain.com
476 B
1 googleadservices.com
www.googleadservices.com
18 KB
1 criteo.net
static.criteo.net
14 KB
1 googletagmanager.com
www.googletagmanager.com
61 KB
222 35
Domain Requested by
121 www.cartabcc.it 2 redirects www.cartabcc.it
47 www.facebook.com connect.facebook.net
www.cartabcc.it
5 connect.facebook.net www.cartabcc.it
connect.facebook.com
connect.facebook.net
4 static.xx.fbcdn.net www.facebook.com
4 ups.analytics.yahoo.com 1 redirects
4 secure.adnxs.com 3 redirects
3 pixel.advertising.com 3 redirects
3 ib.adnxs.com 3 redirects
3 dis.criteo.com
3 track.adform.net 2 redirects www.cartabcc.it
3 s2.adform.net 1 redirects www.cartabcc.it
2 i.liadm.com 2 redirects
2 cm.mgid.com 1 redirects
2 x.bidswitch.net 1 redirects
2 eb2.3lift.com 1 redirects
2 r.casalemedia.com 1 redirects
2 ad.360yield.com 1 redirects
2 c.bing.com
2 gum.criteo.com 1 redirects static.criteo.net
2 5139589.fls.doubleclick.net 1 redirects www.cartabcc.it
2 graph.facebook.com www.cartabcc.it
connect.facebook.net
1 i6.liadm.com
1 s.ad.smaato.net
1 sync-criteo.ads.yieldmo.com
1 matching.ivitrack.com
1 cdn.stickyadstv.com
1 ads.stickyadstv.com 1 redirects
1 visitor.omnitagjs.com
1 match.sharethrough.com
1 contextual.media.net
1 criteo-sync.teads.tv
1 cm.adform.net
1 sync-t1.taboola.com
1 simage2.pubmatic.com
1 ads.yahoo.com
1 rtb-csync.smartadserver.com
1 pixel.rubiconproject.com
1 sync.outbrain.com
1 cm.g.doubleclick.net 1 redirects
1 sslwidget.criteo.com static.criteo.net
1 adservice.google.it adservice.google.com
1 mug.criteo.com www.cartabcc.it
1 adservice.google.com 5139589.fls.doubleclick.net
1 www.google.it www.cartabcc.it
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com www.googletagmanager.com
1 www.googleadservices.com www.cartabcc.it
1 static.criteo.net www.cartabcc.it
1 connect.facebook.com 1 redirects
1 www.googletagmanager.com www.cartabcc.it
222 50
Subject Issuer Validity Valid
www.cartabcc.it
Thawte EV RSA CA 2018
2021-06-22 -
2022-07-13
a year crt.sh
*.google-analytics.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.criteo.net
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-09-09 -
2021-12-07
3 months crt.sh
www.googleadservices.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.google.com
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.g.doubleclick.net
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.google.it
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2021-09-08 -
2021-12-07
3 months crt.sh
track.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-09-06 -
2022-10-07
a year crt.sh
*.doubleclick.net
GTS CA 1C3
2021-11-01 -
2022-01-24
3 months crt.sh
*.criteo.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2021-09-09 -
2021-12-07
3 months crt.sh
*.outbrain.com
Thawte RSA CA 2018
2021-10-24 -
2022-11-24
a year crt.sh
*.rubiconproject.com
DigiCert TLS RSA SHA256 2020 CA1
2021-03-30 -
2022-04-04
a year crt.sh
*.smartadserver.com
DigiCert ECC Secure Server CA
2020-01-30 -
2022-02-03
2 years crt.sh
www.bing.com
Microsoft RSA TLS CA 02
2021-09-30 -
2022-03-30
6 months crt.sh
ui.aps.ads.yahoo.com
DigiCert SHA2 High Assurance Server CA
2021-10-25 -
2021-12-15
2 months crt.sh
*.pubmatic.com
DigiCert Baltimore TLS RSA SHA256 2020 CA1
2021-08-04 -
2022-09-04
a year crt.sh
*.taboola.com
DigiCert TLS Hybrid ECC SHA384 2020 CA1
2020-11-25 -
2021-12-26
a year crt.sh
*.adform.net
DigiCert TLS RSA SHA256 2020 CA1
2021-05-28 -
2022-06-15
a year crt.sh
teads.tv
R3
2021-11-03 -
2022-02-01
3 months crt.sh
*.media.net
DigiCert SHA2 Secure Server CA
2021-04-12 -
2022-04-20
a year crt.sh
*.sharethrough.com
Amazon
2021-08-13 -
2022-09-11
a year crt.sh
omnitagjs.com
Sectigo RSA Domain Validation Secure Server CA
2021-05-24 -
2022-06-23
a year crt.sh
itm.ivitrack.com
R3
2021-10-17 -
2022-01-15
3 months crt.sh
*.ads.yieldmo.com
Amazon
2021-05-25 -
2022-06-23
a year crt.sh
s.ad.smaato.net
Amazon
2021-09-21 -
2022-10-20
a year crt.sh

This page contains 8 frames:

Primary Page: https://www.cartabcc.it/Pagine/default.aspx
Frame ID: C7E3A8EF5A200729C7508B2BEC52B397
Requests: 139 HTTP requests in this frame

Frame: https://5139589.fls.doubleclick.net/activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583
Frame ID: 9309352C849B24913B043C5B4E096920
Requests: 1 HTTP requests in this frame

Frame: https://gum.criteo.com/syncframe?topUrl=www.cartabcc.it&origin=onetag
Frame ID: 79D83088B96EEB91FDA4EDD8D10422DE
Requests: 2 HTTP requests in this frame

Frame: https://adservice.google.com/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/
Frame ID: FE6D73D8A9C07B802270BC529F66E7F6
Requests: 1 HTTP requests in this frame

Frame: https://adservice.google.it/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/
Frame ID: FBF2FCDED0E31DB5A3F3A5AE8C490E60
Requests: 1 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Frame ID: 2316457C17149EC45BC09073C6C50BBF
Requests: 24 HTTP requests in this frame

Frame: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Frame ID: F7B7A7C23D28583FE1FF8901FBC99FC3
Requests: 24 HTTP requests in this frame

Frame: https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Frame ID: 5C6655E2D4FA7A02489582376B048508
Requests: 30 HTTP requests in this frame

Screenshot

Page Title

CartaBCC

Page URL History Show full URLs

  1. http://www.cartabcc.it/ HTTP 302
    https://www.cartabcc.it/ HTTP 302
    https://www.cartabcc.it/Pagine/default.aspx Page URL

Page Statistics

222
Requests

92 %
HTTPS

33 %
IPv6

35
Domains

50
Subdomains

43
IPs

10
Countries

4190 kB
Transfer

7854 kB
Size

55
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://www.cartabcc.it/ HTTP 302
    https://www.cartabcc.it/ HTTP 302
    https://www.cartabcc.it/Pagine/default.aspx Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33
  • https://connect.facebook.com/it_IT/all.js HTTP 302
  • https://connect.facebook.net/it_IT/all.js
Request Chain 63
  • https://track.adform.net/serving/scripts/trackpoint/async/ HTTP 301
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Request Chain 101
  • https://5139589.fls.doubleclick.net/activityi;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583 HTTP 302
  • https://5139589.fls.doubleclick.net/activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583
Request Chain 120
  • https://s2.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx HTTP 301
  • https://track.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx HTTP 302
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx
Request Chain 129
  • https://gum.criteo.com/sid/json?origin=onetag&domain=cartabcc.it&sn=ChromeSyncframe&so=0&topUrl=www.cartabcc.it&cw=1&lsw=1 HTTP 302
  • https://mug.criteo.com/sid?cpp=Q44SS3xVUnRXVWt2Y1lPN1RsRHhldFVSZWdUR2gyTXlQamhoOGR5d3Y0K1FZY3ZqRHBZS09SRUNIck5XeVFjNEFmL3ZiMzF1SHRoYUtvSDVSWjBNMXFrajNGekhkVHhkZ1hVVms1bDJRelZlMVFzYlByaFdqNUtiRkQyeGpJbXhoTDQyMWRPZG5COVhMbzBLb0dnMjZYZVNiNkF3c090UGh6WWlWcGpaNG5DSmNBMjJaVVBaTENPMzUyeTJ2MnBYS0VnNThlUVA4WGREQjVsQTNLRlBHb3ZzOWV6bFhMa1czR21zdmtrR1Y5SmN5NzBXQTlBSTZ5UHQ3Z2VLQTRuc2RzQkdkc2hEQVJ3T2g5K1NwZWVuOXZIR3ZoZz09fA&cppv=2
Request Chain 140
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1TTGE1MU93dUhvcGxrSk1QRkpzZjRRa3E3SE90cndJWHhYUDEtZw HTTP 302
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Request Chain 144
  • https://secure.adnxs.com/setuid?entity=52&code=k-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ&seg=130915 HTTP 307
  • https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ%26seg%3D130915
Request Chain 145
  • https://ib.adnxs.com/seg?add=7643336&redir=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 307
  • https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D7643336%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fgetuid%253Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fappnexus%252Fcookiematch.aspx%253Fappnxsid%253D%2524UID HTTP 302
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
Request Chain 148
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FsUxwOwuHoplkJMPFJsf4Qkq7HPWPQ6jP-n2Ig HTTP 302
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FsUxwOwuHoplkJMPFJsf4Qkq7HPWPQ6jP-n2Ig&verify=true
Request Chain 149
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-d51z7OwuHoplkJMPFJsf4Qkq7HNyLRWFKNZR4Q HTTP 302
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-d51z7OwuHoplkJMPFJsf4Qkq7HNyLRWFKNZR4Q
Request Chain 151
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A HTTP 302
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A&C=1
Request Chain 155
  • https://eb2.3lift.com/xuid?mid=2711&xuid=k-i1cNSewuHoplkJMPFJsf4Qkq7HOD-r5q_Tn59w&dongle=013b HTTP 302
  • https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-i1cNSewuHoplkJMPFJsf4Qkq7HOD-r5q_Tn59w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Request Chain 156
  • https://x.bidswitch.net/sync?dsp_id=46&user_id=k-_2GtfuwuHoplkJMPFJsf4Qkq7HNa6wLIWbEC8g&expires=30 HTTP 302
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-_2GtfuwuHoplkJMPFJsf4Qkq7HNa6wLIWbEC8g&expires=30
Request Chain 160
  • https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-cOwU--wuHoplkJMPFJsf4Qkq7HNAerk18UUN5Q&redirectId=69 HTTP 302
  • https://cdn.stickyadstv.com/one-shot/empty.gif
Request Chain 161
  • https://pixel.advertising.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1 HTTP 302
  • https://pixel.advertising.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1&verify=true HTTP 302
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
Request Chain 164
  • https://cm.mgid.com/m?cdsp=617660&c=k-8Ms5HewuHoplkJMPFJsf4Qkq7HOAiHY12pXqlg HTTP 307
  • https://cm.mgid.com/m?c=k-8Ms5HewuHoplkJMPFJsf4Qkq7HOAiHY12pXqlg&cdsp=617660&sct=1
Request Chain 166
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA HTTP 303
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA&_li_chk=true&previous_uuid=59dbacb9496e49088b760c3b34458797 HTTP 303
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA
Request Chain 214
  • https://secure.adnxs.com/seg?add=130915&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID HTTP 302
  • https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID HTTP 302
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
Request Chain 218
  • https://pixel.advertising.com/ups/55945/sync?uid=k-oh8PP-wuHoplkJMPFJsf4Qkq7HMquw0LTP28Jg&_origin=1 HTTP 302
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-oh8PP-wuHoplkJMPFJsf4Qkq7HMquw0LTP28Jg&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146

222 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request default.aspx
www.cartabcc.it/Pagine/
Redirect Chain
  • http://www.cartabcc.it/
  • https://www.cartabcc.it/
  • https://www.cartabcc.it/Pagine/default.aspx
479 KB
481 KB
Document
General
Full URL
https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
cb52bb4f72aa07d6d58a515642e9eb129becc794f5aa9e6073a8e80a9ff32cf9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9

Response headers

Cache-Control
private, max-age=0
Content-Type
text/html; charset=utf-8
Expires
Mon, 15 Nov 2021 13:05:38 GMT
Last-Modified
Tue, 30 Nov 2021 13:05:38 GMT
Vary
Accept-Encoding
Server
Microsoft-IIS/8.5
X-SharePointHealthScore
0
X-AspNet-Version
4.0.30319
SPRequestGuid
033208a0-4ba0-b098-3c3c-40a0ecbdb48d
request-id
033208a0-4ba0-b098-3c3c-40a0ecbdb48d
X-FRAME-OPTIONS
SAMEORIGIN
SPRequestDuration
1170
SPIisLatency
0
X-Powered-By
ASP.NET
MicrosoftSharePointTeamServices
15.0.0.4719
X-Content-Type-Options
nosniff
X-MS-InvokeApp
1; RequireReadOnly
X-XSS-Protection
1
Date
Tue, 30 Nov 2021 13:05:39 GMT
Transfer-Encoding
chunked

Redirect headers

Location
https://www.cartabcc.it/Pagine/default.aspx
Content-Type
text/html; charset=UTF-8
Server
Microsoft-IIS/8.5
X-SharePointHealthScore
0
SPRequestGuid
033208a0-5b9d-b098-3c3c-4833cf6679b5
request-id
033208a0-5b9d-b098-3c3c-4833cf6679b5
X-FRAME-OPTIONS
SAMEORIGIN
SPRequestDuration
5
SPIisLatency
0
X-Powered-By
ASP.NET
MicrosoftSharePointTeamServices
15.0.0.4719
X-Content-Type-Options
nosniff
X-MS-InvokeApp
1; RequireReadOnly
X-XSS-Protection
1
Date
Tue, 30 Nov 2021 13:05:37 GMT
Content-Length
166
js
www.googletagmanager.com/gtag/
163 KB
61 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-FE9QMZSP59
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:829::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b99a4e345c89904d21e117884bd9937c82ec33ec549984b91d873833e04e7bd2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:39 GMT
content-encoding
br
server
Google Tag Manager
access-control-allow-headers
Cache-Control
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
61735
x-xss-protection
0
expires
Tue, 30 Nov 2021 13:05:39 GMT
oslo.css
www.cartabcc.it/_layouts/15/1040/styles/Themable/
320 KB
46 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7bc15156bfd0c994eb416710df6402ae66bde703b16f0b494fbea7f4b6f9d5db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 24 Mar 2020 20:35:18 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
46672
ETag
"08713bb1b2d61:0"
bootstrap.min.css
www.cartabcc.it/_catalogs/masterpage/css/
115 KB
27 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/css/bootstrap.min.css
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-5bf1-b098-3c3c-4ee75cbdc5c6
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:5DF8087F-0B0F-479B-B951-D4B7009C228A@00000000010
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
26864
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Last-Modified
Thu, 07 Jan 2016 09:21:43 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-5bf1-b098-3c3c-4ee75cbdc5c6
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{5DF8087F-0B0F-479B-B951-D4B7009C228A},10"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
flexslider.css
www.cartabcc.it/_catalogs/masterpage/css/
7 KB
3 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/css/flexslider.css
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
09023baefad81ce5066da12f63dbfd860f1321097977c6994d7862905f18da76
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-5bf1-b098-3c3c-4ac112438372
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:CBF85667-2FB6-40C2-A6A4-EA6B36F0FE8B@00000000010
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
1922
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Last-Modified
Thu, 07 Jan 2016 09:21:43 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-5bf1-b098-3c3c-4ac112438372
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{CBF85667-2FB6-40C2-A6A4-EA6B36F0FE8B},10"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
owl.carousel.css
www.cartabcc.it/_catalogs/masterpage/css/
5 KB
2 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/css/owl.carousel.css
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-5bf1-b098-3c3c-458c4ebcb9ac
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:EFC96715-741D-4F70-AE4E-3C6BE8D6EAE9@00000000010
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
1389
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Last-Modified
Thu, 07 Jan 2016 09:21:43 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-5bf1-b098-3c3c-458c4ebcb9ac
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{EFC96715-741D-4F70-AE4E-3C6BE8D6EAE9},10"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
style.css
www.cartabcc.it/_catalogs/masterpage/css/
134 KB
37 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3a1899fdd2df51cb258831412da0b42457621acd71e23318d537047c373f9520
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-5bf1-b098-3c3c-4f3b2ee4ea04
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:1DF266C3-DA5D-4938-991E-ACA878E83BA3@00000032911
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
37412
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
20
Last-Modified
Tue, 23 Nov 2021 13:45:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-5bf1-b098-3c3c-4f3b2ee4ea04
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{1DF266C3-DA5D-4938-991E-ACA878E83BA3},32911"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
font.css
www.cartabcc.it/_catalogs/masterpage/css/
3 KB
1 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
13d8206e6dcb19f6362581ec12b009524c1bd131d45722b61094436bca79445b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-4bf3-b098-3c3c-43d8ded9c9e3
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:6C1F6A95-0F51-4B9F-840D-7F61A1381486@00000000010
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
576
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Last-Modified
Thu, 07 Jan 2016 09:21:43 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-4bf3-b098-3c3c-43d8ded9c9e3
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{6C1F6A95-0F51-4B9F-840D-7F61A1381486},10"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
SharepointManagement.css
www.cartabcc.it/_catalogs/masterpage/css/
1 KB
1 KB
Stylesheet
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/css/SharepointManagement.css
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
1b70ec41a84b82047cd2935f6ac76c0d0ded50ec6a65b725f2b2abaf5edbfb6c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-4bf3-b098-3c3c-40c376ca67cd
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:86F8DEDA-7881-44D9-B99B-6AF78DC3C835@00000000010
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
575
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Last-Modified
Thu, 07 Jan 2016 09:21:44 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-4bf3-b098-3c3c-40c376ca67cd
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{86F8DEDA-7881-44D9-B99B-6AF78DC3C835},10"
Vary
Accept-Encoding
Content-Type
text/css
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
init.js
www.cartabcc.it/_layouts/15/
158 KB
44 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
14c7f3592be7d72bccb6c3e7d8ffaeffd31270c40885e109782fd46ba721d338
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Mar 2020 07:46:24 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
44598
ETag
"08a826e70d61:0"
initstrings.js
www.cartabcc.it/_layouts/15/1040/
18 KB
6 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/1040/initstrings.js?rev=UNKGJ%2F3jOeVzAonNhBreFw%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
ea229dc845952b01f28d60d13dfcce83fd0b3c1857e29ea610f699253151d08c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 Oct 2021 04:08:13 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
5242
ETag
"80344beccced71:0"
clienttemplates.js
www.cartabcc.it/_layouts/15/
147 KB
40 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/clienttemplates.js?rev=0z4Tb4hOOcK5wjxH5p1xVg%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
4f9b12ff6d6bcfe24b3908b5b4653b2769d650b5aafcaa9ad983a521dd9a4491
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Sep 2021 16:19:42 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
40123
ETag
"0e3c25284a9d71:0"
jquery.min.js
www.cartabcc.it/style%20library/js/
82 KB
38 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/js/jquery.min.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-3bf6-b098-3c3c-40b649ca35b8
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:E3EAD1FE-7229-40B4-A624-68324D77ED68@00000000001
Content-Disposition
attachment; filename="jquery.min.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
37709
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:57 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-3bf6-b098-3c3c-40b649ca35b8
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{E3EAD1FE-7229-40B4-A624-68324D77ED68},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
bootstrap.min.js
www.cartabcc.it/style%20library/js/
35 KB
13 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/js/bootstrap.min.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-3bf6-b098-3c3c-4631da17272a
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:370C4F4E-F45C-4771-B180-FA3C6FDDE037@00000000001
Content-Disposition
attachment; filename="bootstrap.min.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
12548
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
22
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:56 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-3bf6-b098-3c3c-4631da17272a
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{370C4F4E-F45C-4771-B180-FA3C6FDDE037},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
1
jquery.flexslider-min.js
www.cartabcc.it/style%20library/js/
21 KB
9 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/js/jquery.flexslider-min.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
af44c83f737c501b3862145a4a30d18f780168a429f94c9a6ef90b71f464c858
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-2bf7-b098-3c3c-426e506133f3
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:3B564F50-CF7C-438B-B549-E4E3B79AEDB7@00000000001
Content-Disposition
attachment; filename="jquery.flexslider-min.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
8127
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:56 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-2bf7-b098-3c3c-426e506133f3
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{3B564F50-CF7C-438B-B549-E4E3B79AEDB7},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
makefixed.min.js
www.cartabcc.it/style%20library/js/
2 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/js/makefixed.min.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
098c1d66ca6ac145edf6dc127803d5409064e1985e40a112fe52b36f2a130ae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-2bf8-b098-3c3c-46bf65d4418f
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:1E0BBC98-69B0-444C-BB68-34A0C71356AA@00000000001
Content-Disposition
attachment; filename="makefixed.min.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
895
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:57 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-2bf8-b098-3c3c-46bf65d4418f
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{1E0BBC98-69B0-444C-BB68-34A0C71356AA},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
owl.carousel.min.js
www.cartabcc.it/style%20library/js/
39 KB
14 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/js/owl.carousel.min.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-2bf8-b098-3c3c-4bbdf844a1c0
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:F6DDF59E-98FA-452B-A0E0-142A64CB68C6@00000000001
Content-Disposition
attachment; filename="owl.carousel.min.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
13876
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:57 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-2bf8-b098-3c3c-4bbdf844a1c0
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{F6DDF59E-98FA-452B-A0E0-142A64CB68C6},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
script.js
www.cartabcc.it/style%20library/js/
16 KB
5 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/js/script.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
87c0ba07e79ba24acaedb7c0ffb79aed84a0876dc99ea17b44d92898c1920636
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-2bf9-b098-3c3c-42947b8edfbc
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:7B5AED01-F6C2-46AA-8B4A-B7198F0ABC62@00000000012
Content-Disposition
attachment; filename="script.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
3989
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Fri, 26 May 2017 10:30:33 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-2bf9-b098-3c3c-42947b8edfbc
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{7B5AED01-F6C2-46AA-8B4A-B7198F0ABC62},12"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
cbcc_jslinkmanager.js
www.cartabcc.it/style%20library/jslink/
4 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/jslink/cbcc_jslinkmanager.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
42cb30500358c7f019ee93575e48d523d0931fa3b75de43868b03d66f3e0fb74
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-2bf9-b098-3c3c-4bbc58a2f22b
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:7DB98EED-2666-45C8-B02D-80DB7AB21CB2@00000000001
Content-Disposition
attachment; filename="cbcc_jslinkmanager.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
1089
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:00 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-2bf9-b098-3c3c-4bbc58a2f22b
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{7DB98EED-2666-45C8-B02D-80DB7AB21CB2},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
ScriptResource.axd
www.cartabcc.it/
100 KB
25 KB
Script
General
Full URL
https://www.cartabcc.it/ScriptResource.axd?d=qZWJRgx71waW1ndBbIkYZ_GiyumunogvatsHFRh8uI8n-XZ8GGbvGyURCIvXBVOHEYfmBLaLZ5EFbRwyguIRRaRsKME0baM-16H45ID0M3YGPKcFI7oM86Q9AJMSgoccV7C73w-U8e9FF9tXRvmfq0nPzAu1qHgY8zvLL_cgVEBmFY8ZV0MZp8imUc3UxBwY0&t=ffffffffce034dab
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Nov 2021 00:35:03 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Content-Type
application/x-javascript
Cache-Control
public
Content-Length
25609
X-XSS-Protection
1
MicrosoftSharePointTeamServices
15.0.0.4719
Expires
Wed, 30 Nov 2022 00:35:03 GMT
blank.js
www.cartabcc.it/_layouts/15/
119 B
691 B
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/blank.js?rev=ZaOXZEobVwykPO9g8hq%2F8A%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
528d30b6dbe6422fa5cb80857cc760cc07156da2f76fdec99c5a86400d9e739e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 23 Jan 2014 06:06:04 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
217
ETag
"0ae9932118cf1:0"
ScriptResource.axd
www.cartabcc.it/
39 KB
10 KB
Script
General
Full URL
https://www.cartabcc.it/ScriptResource.axd?d=uz_9pZUGins3YmuWgJ4USWOzVsRjO4ojt54-OLdzn1nf56US9sFkcNYMR35XdI3B_eu4ys334kV3DZzApowa792vgzDpKBVVAIIko8VDpZA8EV-gVUUjIsW9Lp9LukC3zcc9ITom9wCJHN0CbwoclfiX5Jg4yXy-GpDyToiyJM-yMXK_q1m1KRxtvOtwGpJf0&t=ffffffffce034dab
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Nov 2021 00:35:03 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Content-Type
application/x-javascript
Cache-Control
public
Content-Length
9984
X-XSS-Protection
1
MicrosoftSharePointTeamServices
15.0.0.4719
Expires
Wed, 30 Nov 2022 00:35:03 GMT
CBCC_PrivatiMenu_CarteDiCredito.js
www.cartabcc.it/Style%20Library/JSLink/
499 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_PrivatiMenu_CarteDiCredito.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7588a3068e2520e236ee7708b08636bc587d79ee0c3e1ce13f31e860c5a00936
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-1bfb-b098-3c3c-4ca9af1a86d8
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:E609A0E6-C042-4F58-B262-D1C83B5B9BAE@00000000001
Content-Disposition
attachment; filename="CBCC_PrivatiMenu_CarteDiCredito.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
388
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:01 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-1bfb-b098-3c3c-4ca9af1a86d8
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{E609A0E6-C042-4F58-B262-D1C83B5B9BAE},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_PrivatiMenu_CarteDiDebito.js
www.cartabcc.it/Style%20Library/JSLink/
493 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_PrivatiMenu_CarteDiDebito.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
ace45b46ac17a67385d5531e52dd00c52b17329a911ad2548954a11b2ad6f1d4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-1bfb-b098-3c3c-4b97aa357fda
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:904C6A6B-8999-4763-80A5-D394C90C2110@00000000001
Content-Disposition
attachment; filename="CBCC_PrivatiMenu_CarteDiDebito.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
387
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:02 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-1bfb-b098-3c3c-4b97aa357fda
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{904C6A6B-8999-4763-80A5-D394C90C2110},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_PrivatiMenu_CartePrepagate.js
www.cartabcc.it/Style%20Library/JSLink/
500 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_PrivatiMenu_CartePrepagate.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
a4ec6f94a0b8da689d7e44343539adbcd049e2aacb981a6cbc4891bbd051bae9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-0bfc-b098-3c3c-4174b82785a2
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:8ECA465A-8A63-4859-8669-6B4C5195FADA@00000000001
Content-Disposition
attachment; filename="CBCC_PrivatiMenu_CartePrepagate.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
385
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:02 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-0bfc-b098-3c3c-4174b82785a2
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{8ECA465A-8A63-4859-8669-6B4C5195FADA},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_AziendeMenu_CarteDiCredito.js
www.cartabcc.it/Style%20Library/JSLink/
510 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_AziendeMenu_CarteDiCredito.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3c8cca8f79a813ccbc3683de3169c70c385b8bec34e0b383d05ef904c8b020cb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-0bfe-b098-3c3c-44c6e0da44fa
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:28107206-B640-44B1-80FF-7BBFC97CBBFF@00000000001
Content-Disposition
attachment; filename="CBCC_AziendeMenu_CarteDiCredito.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
396
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:58 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-0bfe-b098-3c3c-44c6e0da44fa
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{28107206-B640-44B1-80FF-7BBFC97CBBFF},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_AziendeMenu_CartePrepagate.js
www.cartabcc.it/Style%20Library/JSLink/
509 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_AziendeMenu_CartePrepagate.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
284a56c4ba4ca9f30a494fcb4f75c23f5253547bad735ef51158df6dfc90c915
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-0bfe-b098-3c3c-40faafd7ad5f
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:98934E96-DAE8-4441-8DE8-A5560DCA43C7@00000000001
Content-Disposition
attachment; filename="CBCC_AziendeMenu_CartePrepagate.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
389
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:59 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-0bfe-b098-3c3c-40faafd7ad5f
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{98934E96-DAE8-4441-8DE8-A5560DCA43C7},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_AziendeMenu_CarteBccPos.js
www.cartabcc.it/Style%20Library/JSLink/
491 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_AziendeMenu_CarteBccPos.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
2563ca062d2fb21da1ec427412b982b02799fdcb75db6522ef3a777d2235c0ca
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-0bfe-b098-3c3c-4bd5363624be
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:5EF5CC53-BA12-4091-A33D-6B32C729E2FE@00000000001
Content-Disposition
attachment; filename="CBCC_AziendeMenu_CarteBccPos.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
386
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:58 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-0bfe-b098-3c3c-4bd5363624be
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{5EF5CC53-BA12-4091-A33D-6B32C729E2FE},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_VantaggiMenu.js
www.cartabcc.it/Style%20Library/JSLink/
2 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_VantaggiMenu.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
80fb3e76ddde2313ad4c6b34b06b8d42d3a4d2fd628861fec955e70bf99e5eaa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-0bfe-b098-3c3c-44eb8267c3db
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:C02F7470-3C63-48BA-AAE4-D42A70D8408B@00000000001
Content-Disposition
attachment; filename="CBCC_VantaggiMenu.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
627
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:04 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-0bfe-b098-3c3c-44eb8267c3db
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{C02F7470-3C63-48BA-AAE4-D42A70D8408B},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
cbcc_topsliderhomepage.js
www.cartabcc.it/style%20library/jslink/
3 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/style%20library/jslink/cbcc_topsliderhomepage.js?ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
663c4a5f602e171f5f8cfcd8002ea6a4a2e87b45ec771ad5e2bc5ff0866b46aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-0bfe-b098-3c3c-435ed1da6f89
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:F3BC8ED5-7FB7-499C-8D10-649DAD45C0CF@00000000003
Content-Disposition
attachment; filename="cbcc_topsliderhomepage.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
999
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
8
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Mon, 29 Aug 2016 09:16:05 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-0bfe-b098-3c3c-435ed1da6f89
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{F3BC8ED5-7FB7-499C-8D10-649DAD45C0CF},3"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_VantaggiOverlay.js
www.cartabcc.it/Style%20Library/JSLink/
4 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_VantaggiOverlay.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
083676345d3d4780868d7082af80b98cb33a9c28945dfdebb64b8859f62b8e15
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-fbfe-b098-3c3c-475b5a6a2cec
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:D694AA7F-0729-48FC-86D3-03CA55B0A2A0@00000000001
Content-Disposition
attachment; filename="CBCC_VantaggiOverlay.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
1337
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:04 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-fbfe-b098-3c3c-475b5a6a2cec
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{D694AA7F-0729-48FC-86D3-03CA55B0A2A0},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_ForYouPrivati.js
www.cartabcc.it/Style%20Library/JSLink/
3 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_ForYouPrivati.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
a5c277cb9c2bff3a7ebffc13f04997021c12a83c8b101e6e03330676bec5808d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-fbff-b098-3c3c-42be72f110d2
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:10E8E632-3CAF-45D2-B671-34A0F6FEB68C@00000000001
Content-Disposition
attachment; filename="CBCC_ForYouPrivati.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
1244
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:19:59 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-fbff-b098-3c3c-42be72f110d2
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{10E8E632-3CAF-45D2-B671-34A0F6FEB68C},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_SubBannerProdotti.js
www.cartabcc.it/Style%20Library/JSLink/
3 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_SubBannerProdotti.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
beaa74a3337db035766f890b60e7e5da285f1393b3565f09799e278e4e09b46c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-fbff-b098-3c3c-44ffaee45682
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:073F253A-F82E-4D6C-A5D6-1435642D1152@00000000001
Content-Disposition
attachment; filename="CBCC_SubBannerProdotti.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
999
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 07 Jan 2016 09:20:03 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-fbff-b098-3c3c-44ffaee45682
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{073F253A-F82E-4D6C-A5D6-1435642D1152},1"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
CBCC_NewsHomePage.js
www.cartabcc.it/Style%20Library/JSLink/
921 B
1 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/JSLink/CBCC_NewsHomePage.js?varTag=1638277538&ctag=7818$$15.0.5389.1000
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
90866a1ecb4b2d71afa0657bbc4426ff1c65cd950bb7c7610420fdb25000bc94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-fbff-b098-3c3c-4f31df59d910
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:AF51FAAB-DEB2-4CE8-92D1-64AFC61D3276@00000000003
Content-Disposition
attachment; filename="CBCC_NewsHomePage.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
553
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Wed, 30 Nov 2022 13:05:39 GMT
Last-Modified
Thu, 18 Aug 2016 13:15:54 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-fbff-b098-3c3c-4f31df59d910
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{AF51FAAB-DEB2-4CE8-92D1-64AFC61D3276},3"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=31536000
SPIisLatency
0
all.js
connect.facebook.net/it_IT/
Redirect Chain
  • https://connect.facebook.com/it_IT/all.js
  • https://connect.facebook.net/it_IT/all.js
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/it_IT/all.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
c61a0c4884129778832dd953bca05f2743c626d4c163d30e3fb27baf0a799544
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
1lDNjh84KMrAVuvT34AVAw==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1686
x-fb-rlafr
0
x-fb-debug
p3EW7sffwvZrjXc5MV4XSptklAZLwi/pPl75GJ36ZNkKmtEUi8FEHivobsPind1yaZp0mIG8n4dKIgXKFEl6VA==
x-fb-trip-id
686109401
x-fb-content-md5
e6f698d7cfbe66f3bc2c530c0ea1d6b1
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:40 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"ceee7435880d42c51c46ba8f32a0227d"
timing-allow-origin
*
priority
u=3,i
expires
Tue, 30 Nov 2021 13:10:35 GMT

Redirect headers

location
https://connect.facebook.net/it_IT/all.js
x-fb-debug
qRkVsd2j8FRBWMrIRB0dL1j4FNA4+dK3/IcskIzwOER9S1LG0m7GswwuBo/bl+Vhx40oUNpLFY085+VFUcW3RA==
date
Tue, 30 Nov 2021 13:05:39 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
bt.cookies.api.dyn.js
www.cartabcc.it/SiteAssets/js/cookie_js/
6 KB
3 KB
Script
General
Full URL
https://www.cartabcc.it/SiteAssets/js/cookie_js/bt.cookies.api.dyn.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
1eaecb92e4a26d061539964caebb1ffcf87858a5db08eccdf2345b1a547e2019
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-fbff-b098-3c3c-4f9dc86e4626
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:436D3A6D-4C03-4A55-B7AA-BC24AB9DBE78@00000000709
Content-Disposition
attachment; filename="bt.cookies.api.dyn.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
2534
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Fri, 26 Nov 2021 15:00:42 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-fbff-b098-3c3c-4f9dc86e4626
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{436D3A6D-4C03-4A55-B7AA-BC24AB9DBE78},709"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
cookies.dyn.js
www.cartabcc.it/SiteAssets/js/cookie_js/
9 KB
5 KB
Script
General
Full URL
https://www.cartabcc.it/SiteAssets/js/cookie_js/cookies.dyn.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
96ed2223d2d8f0ee570a2f28acd2fe7ff3c490a8e95726e178e025a2cd3b6d3c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
033208a0-fbff-b098-3c3c-4944e323cd41
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:8BA7D376-DE61-47F4-AD8A-465DE1952CA3@00000000713
Content-Disposition
attachment; filename="cookies.dyn.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
3823
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Fri, 26 Nov 2021 15:00:42 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
033208a0-fbff-b098-3c3c-4944e323cd41
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{8BA7D376-DE61-47F4-AD8A-465DE1952CA3},713"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
spcommon.png
www.cartabcc.it/_layouts/15/images/
19 KB
19 KB
Image
General
Full URL
https://www.cartabcc.it/_layouts/15/images/spcommon.png?rev=23
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
101cf54c0b669349a1fd5ab1935464a9a9645eb48fcae4cc2633a854444a501d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-MS-InvokeApp
1; RequireReadOnly
X-Content-Type-Options
nosniff
Last-Modified
Wed, 29 Apr 2015 18:45:08 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
ETag
"0525f9dac82d01:0"
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
19434
X-XSS-Protection
1
CartaBCC_Favicon.ico
www.cartabcc.it/_catalogs/masterpage/img/
1 KB
2 KB
Image
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/img/CartaBCC_Favicon.ico?rev=23
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fd64cd355a393eb0e75ffb097014deab7e585e38fb57348dcc3f6bd8998d3328
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-eb02-b098-3c3c-43fa32b1be3a
Content-Length
1150
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Thu, 24 Sep 2015 10:08:22 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-eb02-b098-3c3c-43fa32b1be3a
ETag
"{6F57C8B5-F404-4EE0-9D38-DEE2AE2AE635},10pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/x-icon
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
WebResource.axd
www.cartabcc.it/
23 KB
6 KB
Script
General
Full URL
https://www.cartabcc.it/WebResource.axd?d=4_fx27vfOwpZvzXwcPOPUWO9HsnGnd9QtgNuc8YZFif6iAuA6YmczyMxYW__ykzXfGMPBaTC0DvVtS7Mk049zRmH-0TLzW8Yu49g_Z9pBk81&t=637290829350350503
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 30 Jun 2020 01:02:15 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript
Cache-Control
public
Content-Length
6007
X-XSS-Protection
1
MicrosoftSharePointTeamServices
15.0.0.4719
Expires
Wed, 30 Nov 2022 00:35:03 GMT
logo-header.png
www.cartabcc.it/Style%20Library/img/
3 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/logo-header.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
dcda9469e8f63a870df774bc9e46a0d53387e493fe43dd3724d024ae2d09f33a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-eb03-b098-3c3c-47e134a55fb6
Content-Length
2588
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Sun, 13 Sep 2015 11:41:19 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-eb03-b098-3c3c-47e134a55fb6
ETag
"{DCF73FA2-935D-4A62-90FA-D8C79A6F5DED},954pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
logo.png
www.cartabcc.it/Style%20Library/img/
4 KB
5 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/logo.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
4323f8ddb7c570311f9ccf5035c68d856bfe0cda1865097d8fe13826c02590c6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-eb02-b098-3c3c-4363952ff2da
Content-Length
4527
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Thu, 15 Oct 2015 07:22:47 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-eb02-b098-3c3c-4363952ff2da
ETag
"{A1EAD4EB-1BEC-4FE2-964C-A01E7B1E8A71},954pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
logo-mobile.png
www.cartabcc.it/Style%20Library/img/
8 KB
8 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/logo-mobile.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d36d9109275ca93d47589862c92e2ba34b58cc1a67541fe8ee3417ffd6b7c306
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-db05-b098-3c3c-4754af35eb27
Content-Length
7696
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Sun, 13 Sep 2015 11:41:19 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-db05-b098-3c3c-4754af35eb27
ETag
"{082F80C1-FCA5-4153-B60B-16EBEA56501D},954pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
5_Sito_CartaBcc_Menu%c2%a6%c3%87_Lancio_SAMSUNGpay_ventis%20card_481x220.jpg
www.cartabcc.it/Style%20Library/img/Banner%20News/
24 KB
25 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Banner%20News/5_Sito_CartaBcc_Menu%c2%a6%c3%87_Lancio_SAMSUNGpay_ventis%20card_481x220.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3d393fb4fa5aed6c21023b8981fb1bc69c5e566d0d3807cde55a8484fee9407d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-db05-b098-3c3c-45a83af3c504
Content-Length
24796
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 27 Jun 2018 09:08:21 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-db05-b098-3c3c-45a83af3c504
ETag
"{CFE058F7-A79E-4B3B-8B16-5542ABF2B6AC},35pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
ld.js
static.criteo.net/js/ld/
41 KB
14 KB
Script
General
Full URL
https://static.criteo.net/js/ld/ld.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638:1::3 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
nginx /
Resource Hash
a1fddf4d5fec5f577b977db5c16c6582c1768324262382650fce903a37d73ab6

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
content-encoding
gzip
last-modified
Tue, 05 Oct 2021 08:29:00 GMT
server
nginx
etag
W/"615c0ccc-a373"
content-type
text/javascript
access-control-allow-origin
*
cache-control
max-age=86400, public
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
expires
Wed, 01 Dec 2021 13:05:40 GMT
CARTA-BCC-DEBIT-SITO-CARTA-BCC_484x508.png
www.cartabcc.it/Style%20Library/img/
194 KB
195 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/CARTA-BCC-DEBIT-SITO-CARTA-BCC_484x508.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0415736d61407b163bfdccf8d5564e10e515abf89cb0c4bc72e3a9a975967335
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-db05-b098-3c3c-4d6b0718889e
Content-Length
199109
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 01 Oct 2021 09:27:24 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-db05-b098-3c3c-4d6b0718889e
ETag
"{C8369AA9-72E8-4021-BC84-144AA7F94D62},4pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
google_Store.png
www.cartabcc.it/Style%20Library/img/
3 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/google_Store.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
09ade0062ce21dde03dec21e9dcdddfacc765a4e22d800cc5bf06a363a49681a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-db05-b098-3c3c-4008f520ce73
Content-Length
3216
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Mon, 06 Jul 2020 12:43:14 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-db05-b098-3c3c-4008f520ce73
ETag
"{9A533359-58F9-47B1-A402-2E4B5D9111B1},296pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
app_store.png
www.cartabcc.it/Style%20Library/img/
2 KB
2 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/app_store.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b4ff860133d8c85a28926a7e93aa7f45f374ae6277b16c79f37356b81b18b602
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-cb06-b098-3c3c-46080d6cd896
Content-Length
1778
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Mon, 06 Jul 2020 12:46:44 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-cb06-b098-3c3c-46080d6cd896
ETag
"{C72589A3-5473-43B7-AD5C-2B2FBBA44E73},296pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
huawei_store.png
www.cartabcc.it/Style%20Library/img/
2 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/huawei_store.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
5d9862c186718bb6f766954530b787379a6ef8a9fdc50d913d4342843e1ee43b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-cb08-b098-3c3c-4355eff6f1ca
Content-Length
2515
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Mon, 06 Jul 2020 12:49:36 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-cb08-b098-3c3c-4355eff6f1ca
ETag
"{EC1DD827-5345-4092-BB00-80A99CC9DBC6},296pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
conversion.js
www.googleadservices.com/pagead/
45 KB
18 KB
Script
General
Full URL
https://www.googleadservices.com/pagead/conversion.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.186.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s05-in-f2.1e100.net
Software
cafe /
Resource Hash
4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
content-encoding
gzip
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17627
x-xss-protection
0
server
cafe
etag
16294007831590153160
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Tue, 30 Nov 2021 13:05:40 GMT
VentisBanner.js
www.cartabcc.it/Style%20Library/js/
1 KB
2 KB
Script
General
Full URL
https://www.cartabcc.it/Style%20Library/js/VentisBanner.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6fec58a48598613c8a4d19fb461f024ba975d146fc0426514c1b4a4637ccdbed
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
request-id
043208a0-eb02-b098-3c3c-45ca86ce662e
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:4AC2DBF7-CD30-46A5-AB50-59DAA1510A40@00000000733
Content-Disposition
attachment; filename="VentisBanner.js"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
607
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Expires
Mon, 15 Nov 2021 13:05:39 GMT
Last-Modified
Fri, 26 Nov 2021 15:00:37 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-eb02-b098-3c3c-45ca86ce662e
X-FRAME-OPTIONS
SAMEORIGIN
ETag
"{4AC2DBF7-CD30-46A5-AB50-59DAA1510A40},733"
X-Download-Options
noopen
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
private,max-age=0
SPIisLatency
0
chiudi.png
www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/
15 KB
15 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/chiudi.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
31cccd6f55aa480629657cb5458f989c9f5361b1b45bab9047fe21f1375370a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-cb08-b098-3c3c-4f195adc01da
Content-Length
15152
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 04 Jul 2017 12:54:39 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-cb08-b098-3c3c-4f195adc01da
ETag
"{5375383F-2CD2-41B2-9055-1A405DF83549},723pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
13_Sito_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_980x195.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/
73 KB
74 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/13_Sito_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_980x195.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
5ae0cd8647ce25c3caa7cf5155b4b3e7120f537004f5f34569b261f4dc792fb7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-cb08-b098-3c3c-4da5e6b456eb
Content-Length
74987
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 27 Jun 2018 09:25:11 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-cb08-b098-3c3c-4da5e6b456eb
ETag
"{EC765E20-5F82-4522-BA41-FC822BFF3BA8},629pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
15_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_800x310px.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/
112 KB
113 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/15_CartaBcc_Piedino_aperto_SAMSUNGpay_ventis%20card_800x310px.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
318d7b10f08b02ff518c5c74e6fcc8fc075ae5023d27e6c9859a6ba2519950f6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-cb08-b098-3c3c-4c20cb9f85e5
Content-Length
114931
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 27 Jun 2018 09:25:11 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-cb08-b098-3c3c-4c20cb9f85e5
ETag
"{D1194AF0-0A9A-4F5E-80AA-F31039734703},629pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
phone.png
www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/
9 KB
9 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/custom/images/bnr-ventis/phone.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d9ad820e147680f85136b0af7b33d79e9d2cbcf4d259fd010e4b8f9b4c1e5d31
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-bb0a-b098-3c3c-4a41772ba40c
Content-Length
8885
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Thu, 04 May 2017 12:58:46 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-bb0a-b098-3c3c-4a41772ba40c
ETag
"{8537370E-1C34-4A3E-BC9D-5B8BA139D457},725pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
11_Sito_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_1348x48.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/
23 KB
23 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/11_Sito_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_1348x48.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7ae33ab34c0cc4321f009d234844837244b763b76b3a1769621f9619f849cfe2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-bb0b-b098-3c3c-4c5e28204cc8
Content-Length
23124
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 27 Jun 2018 09:25:11 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-bb0b-b098-3c3c-4c5e28204cc8
ETag
"{291989F8-4478-46FA-B3B6-476B84F0B7CE},629pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
14_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_800x153px.jpg
www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/
53 KB
54 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/custom/images/bnr-samsung/14_CartaBcc_Piedino_chiuso_SAMSUNGpay_ventis%20card_800x153px.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
55a490329010041abb0982e8fb65d384ea8307e3849deaf5792e071b71496806
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-bb0b-b098-3c3c-422ececfd777
Content-Length
54654
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 27 Jun 2018 09:25:11 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-bb0b-b098-3c3c-422ececfd777
ETag
"{4AE84A81-A83B-4917-8F66-E445C5178112},629pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
collect
analytics.google.com/g/
0
338 B
Ping
General
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-FE9QMZSP59&gtm=2oeba1&_p=1366098964&sr=1600x1200&_gaz=1&ul=en-us&cid=2112752214.1638277540&_s=1&dl=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&dt=CartaBCC&sid=1638277539&sct=1&seg=0&en=page_view&_fv=1&_nsi=1&_ss=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FE9QMZSP59
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80f::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cartabcc.it/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cartabcc.it
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/
0
347 B
Ping
General
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-FE9QMZSP59&cid=2112752214.1638277540&gtm=2oeba1&aip=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-FE9QMZSP59
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c08::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.cartabcc.it/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://www.cartabcc.it
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.it/ads/
42 B
501 B
Image
General
Full URL
https://www.google.it/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-FE9QMZSP59&cid=2112752214.1638277540&gtm=2oeba1&aip=1&z=694974219
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82b::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
all.js
connect.facebook.net/it_IT/
285 KB
81 KB
Script
General
Full URL
https://connect.facebook.net/it_IT/all.js?hash=bd3713d641fd70e5701e13e39adf58e4
Requested by
Host: connect.facebook.com
URL: https://connect.facebook.com/it_IT/all.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
3ee5d3987c846f18daeddbff3ba8632177ed5f8fb3d586d86aed0d749fd9c6df
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://www.cartabcc.it/
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
uPxe1Z3vVV9om4OWdCA8XA==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
82927
x-fb-rlafr
0
x-fb-debug
fDkpbs/x07asPhz4J8hLN6AN5B64HHi7Owdy0ewgi0r+gX9RdrzKau8U4hyUv3+rXe46s+ZFW1bjzL/cSMj0JA==
x-fb-content-md5
3d606130bd5417b6f50d2583bced6e13
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:40 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
etag
"694aa8bd53a7a93dce0c17bf7160e1d4"
timing-allow-origin
*
priority
u=3,i
expires
Wed, 30 Nov 2022 12:50:35 GMT
_Incapsula_Resource
www.cartabcc.it/
0
172 B
Image
General
Full URL
https://www.cartabcc.it/_Incapsula_Resource?SWKMTFSR=1&e=0.09266275886059194
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
-1
Cache-Control
no-cache, must-revalidate, max-age=0
Connection
Keep-Alive
Content-Length
0
Content-Type
image/jpeg
trackpoint-async.js
s2.adform.net/banners/scripts/st/
79 KB
28 KB
Script
General
Full URL
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 09:57:01 GMT
server
nginx
etag
W/"613888ed-13bd1"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript
Open_Sans.woff
www.cartabcc.it/_catalogs/masterpage/fonts/
20 KB
21 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/Open_Sans.woff
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-db05-b098-3c3c-49b785c4e876
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:5CDDA722-1F2E-4CF1-84BD-8B3B3386E018@00000000010
Content-Disposition
attachment; filename="Open_Sans.woff"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
20216
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Last-Modified
Thu, 07 Jan 2016 09:22:49 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-db05-b098-3c3c-49b785c4e876
ETag
"{5CDDA722-1F2E-4CF1-84BD-8B3B3386E018},10"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/font-woff
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:39 GMT
trackpoint-async.js
s2.adform.net/banners/scripts/st/
Redirect Chain
  • https://track.adform.net/serving/scripts/trackpoint/async/
  • https://s2.adform.net/banners/scripts/st/trackpoint-async.js
79 KB
28 KB
Script
General
Full URL
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Server
37.157.2.247 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
content-encoding
gzip
last-modified
Wed, 08 Sep 2021 09:57:01 GMT
server
nginx
etag
W/"613888ed-13bd1"
x-cache-status
HIT
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
public, max-age=604800
content-type
application/x-javascript

Redirect headers

location
https://s2.adform.net/banners/scripts/st/trackpoint-async.js
date
Tue, 30 Nov 2021 13:05:40 GMT
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/html
sdk.js
connect.facebook.net/it_IT/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/it_IT/sdk.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ba401b9425b04169c4d1b9ba0177fa7a580ab58835f7727cc07e10d47f692f80
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
content-md5
rX+/sxOXNgkAfFnNu+osiQ==
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
1684
x-fb-rlafr
0
x-fb-debug
gm9q2iCXdxoAgFiv1OGPkvUSOuyg/4UkzZKpfZkQ7mpn5mJJx0qc7bpX4woOb7nWVMCYxKVFI51l0vn6uHdhtg==
x-fb-content-md5
179e628b847bf5d14b01004c9426c022
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:40 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
etag
"305cbb4ec27d8e0e4ce936fda3f7186c"
timing-allow-origin
*
priority
u=3,i
expires
Tue, 30 Nov 2021 13:07:07 GMT
access_token
graph.facebook.com/oauth/
85 B
471 B
XHR
General
Full URL
https://graph.facebook.com/oauth/access_token?client_id=1416719458657646&client_secret=52f7e55046dbcb39e9e4a22517befde0&grant_type=client_credentials
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/style%20library/js/jquery.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f045:12:face:b00c:0:2 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
368988b8aad8a0bbecd67db9a0a16a7760af07094e5613d7e0a8bda650b22b2d
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Accept
*/*
Referer
https://www.cartabcc.it/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
x-fb-debug
jC5ETuKYJiUTWo9koveXqhyFRgeVgJ441duQobRIorGpx9zV89yggtYe47RwcUduYTq61jG4RHYrQHI6tLC+sA==
x-fb-trace-id
DHvF+wyOR7N
date
Tue, 30 Nov 2021 13:05:40 GMT
strict-transport-security
max-age=15552000; preload
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
ATi2FzCiN2n90t8CwD1Vxul
cache-control
private, no-cache, no-store, must-revalidate
x-fb-rev
1004776213
facebook-api-version
v5.0
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
85
expires
Sat, 01 Jan 2000 00:00:00 GMT
strings.js
www.cartabcc.it/_layouts/15/1040/
147 KB
39 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/1040/strings.js?rev=kXtcn0AA2q%2FvucbEJ2Fn%2BA%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
f964b6cdc8fc810fb7852dffff4e208a7ad506b4dab2a23899b4e75d7289fe6f
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sun, 31 Oct 2021 04:08:13 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
39289
ETag
"80344beccced71:0"
icgen.gif
www.cartabcc.it/_layouts/15/images/
90 B
504 B
Image
General
Full URL
https://www.cartabcc.it/_layouts/15/images/icgen.gif
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
f210607fbd2ee60fe559b003e3204e57d9c2b78d9bab99d0861b6bfee943dee9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-MS-InvokeApp
1; RequireReadOnly
X-Content-Type-Options
nosniff
Last-Modified
Fri, 24 Jan 2014 07:02:24 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
ETag
"080a63bd218cf1:0"
Content-Type
image/gif
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
90
X-XSS-Protection
1
ecbarw.png
www.cartabcc.it/_layouts/15/images/
131 B
546 B
Image
General
Full URL
https://www.cartabcc.it/_layouts/15/images/ecbarw.png?rev=23
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
29fb2a35c616c1546692d8d26167b6af206db3c95a970c7cc1d12d89e38ec035
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-MS-InvokeApp
1; RequireReadOnly
X-Content-Type-Options
nosniff
Last-Modified
Tue, 21 Jan 2014 05:46:04 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
ETag
"0b684126c16cf1:0"
Content-Type
image/png
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
131
X-XSS-Protection
1
A1_Sito_CartaBCC_PremiaTiRev2.jpg
www.cartabcc.it/Lists/TopSlider/
144 KB
145 KB
Image
General
Full URL
https://www.cartabcc.it/Lists/TopSlider/A1_Sito_CartaBCC_PremiaTiRev2.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0ed8f1bb12a6fc3ca72807e31da80f9e883f09816b7459674301a168cf15e90d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-9b0e-b098-3c3c-411726f7aee9
Content-Length
147401
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 01 Oct 2021 07:04:57 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-9b0e-b098-3c3c-411726f7aee9
ETag
"{D8620B4C-C24E-45CD-B963-53F832551947},3pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
A1_Sito_CartaBCC_PSD2.jpg
www.cartabcc.it/Lists/TopSlider/
99 KB
99 KB
Image
General
Full URL
https://www.cartabcc.it/Lists/TopSlider/A1_Sito_CartaBCC_PSD2.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d1f1ce1c58a73639fdf1712d8f18afe7b201c666b3de4bcb995e1bc95b0c3124
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-8b13-b098-3c3c-4b8e529046e3
Content-Length
101093
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 05 Feb 2021 09:10:39 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-8b13-b098-3c3c-4b8e529046e3
ETag
"{C8CFA2AD-06D1-4DCD-9F00-F1EA41E82048},5pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
A1_Sito_CartaBCC_Co-Badgenocashback.jpg
www.cartabcc.it/Lists/TopSlider/
141 KB
142 KB
Image
General
Full URL
https://www.cartabcc.it/Lists/TopSlider/A1_Sito_CartaBCC_Co-Badgenocashback.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e2ee2027e3134d65c4701f15e3e2c0dd4695ad74455ce35c5c59c8938c7a046a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-8b13-b098-3c3c-467ac023af90
Content-Length
144616
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 21 Jul 2021 11:00:34 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-8b13-b098-3c3c-467ac023af90
ETag
"{E87D88D7-01A8-4159-85EA-FA8807B72B6E},6pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Ventis%20Card_2.svg
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%20140x140%20PRIVATI%20cerchio/icon%20vantaggi/
2 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%20140x140%20PRIVATI%20cerchio/icon%20vantaggi/Ventis%20Card_2.svg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
725465141f582e4a1530401e4372f289e3ceadc3d9486d70a258a9e61d80691c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-8b13-b098-3c3c-4f1b0b4329fa
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:59908B21-B9E8-43A8-A3CB-D1F30332CD82@00000000058
Content-Disposition
attachment; filename="Ventis Card_2.svg"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
1990
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
7
Last-Modified
Tue, 28 Sep 2021 09:00:51 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-8b13-b098-3c3c-4f1b0b4329fa
ETag
"{59908B21-B9E8-43A8-A3CB-D1F30332CD82},58"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/svg+xml
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
acquisto_facile.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/
4 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/acquisto_facile.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3319b642d9a9c2d3be976dd64e236792e1941e2ba84764cc15f8e24f946eb057
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-7b15-b098-3c3c-48f8213644e4
Content-Length
3995
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 24 May 2017 12:48:17 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-7b15-b098-3c3c-48f8213644e4
ETag
"{9913FAFD-1F10-41FF-B9C8-AE2DF7EA2990},46pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
contactless.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/
3 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/contactless.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
5d6530cc412e24cb8226231d03d1b6fd799e6efe62c273eb38da7e943d115ab4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-7b15-b098-3c3c-4ceb607b14c5
Content-Length
2888
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 24 May 2017 12:50:37 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-7b15-b098-3c3c-4ceb607b14c5
ETag
"{077EFCA4-D1F8-4981-AE6E-E0C646499631},20pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
addebito_posticipato.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/
3 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/addebito_posticipato.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
a6ca968cdd211c37a79a74d53c3222d6a49a10ebeccf7964fa590a642b0e76bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-6b16-b098-3c3c-47fd1b1d8c59
Content-Length
2900
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 24 May 2017 12:56:56 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-6b16-b098-3c3c-47fd1b1d8c59
ETag
"{77FDABDD-7EBD-4B4B-B811-ED6FBF982757},17pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
se_la_usi_non_la_paghi.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/
4 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20vantaggi/se_la_usi_non_la_paghi.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
70cb1295d004ab61a42f1aed2375d5a4f82094c3cd4e6de701ab46a6e06932d1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-6b17-b098-3c3c-463ce4368673
Content-Length
3926
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 24 May 2017 12:58:08 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-6b17-b098-3c3c-463ce4368673
ETag
"{6CBF580E-9E5E-4563-91BD-C23F9F34BE9B},10pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
tecnologia_chip_pin.png
www.cartabcc.it/Style%20Library/img/icon%20sicurezza/
4 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/icon%20sicurezza/tecnologia_chip_pin.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
f3a64f1aa0764e55c6ae52bebd629957c6c1f389d138eb7e8c772d9c6c410fc7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-6b18-b098-3c3c-4243e88a615c
Content-Length
3958
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 13:11:25 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-6b18-b098-3c3c-4243e88a615c
ETag
"{6556C526-89FE-4EC8-A6B4-9A83A47C8F88},10pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
sms_alert.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/
6 KB
7 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/sms_alert.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
65e7768aeab15b4491a1bee61adf4cd77f7014984ac0bb404959af7acb86fa10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-6b18-b098-3c3c-4ba045eb9972
Content-Length
6279
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 19 Dec 2018 15:26:07 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-6b18-b098-3c3c-4ba045eb9972
ETag
"{B5F07CFD-9DA3-4C8D-A39E-10129A0239E1},15pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
acquisti_su_internet.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/
4 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/acquisti_su_internet.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
14173b2fb370c55d9859a7e1bb87d0b16250f46e14696ac035c6d8fde22a8306
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-6b18-b098-3c3c-4a4cd01a5502
Content-Length
3968
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 13:19:02 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-6b18-b098-3c3c-4a4cd01a5502
ETag
"{07259C81-4F26-4722-9084-A3B246ADB34F},23pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
utilizzo_estero.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/
4 KB
5 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20sicurezza/utilizzo_estero.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6e1359cf3dc38872322d3a9f39f76593dd7dea548416b92173d8ec75b59ce261
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-5b19-b098-3c3c-4b9b6551c125
Content-Length
4144
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 13:24:50 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-5b19-b098-3c3c-4b9b6551c125
ETag
"{811A2436-4A2F-4D12-9FD8-8A922077D940},11pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
app_mobile.png
www.cartabcc.it/Style%20Library/img/Icon%20Bianco%2060x60%20no%20cerchio/icon%20controllo/
1 KB
2 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20Bianco%2060x60%20no%20cerchio/icon%20controllo/app_mobile.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
f9ddef4e3eb4f7ddb5397c52bdd0bed3e5aa3e489075913b590ecf422d2063f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-5b19-b098-3c3c-48cf87ada376
Content-Length
1504
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 13:29:55 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-5b19-b098-3c3c-48cf87ada376
ETag
"{08C575A0-1B18-4034-A6BB-B40D92B1F8DD},28pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
assistenza_h24.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/
3 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/assistenza_h24.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
2167d6069e570bbe78187cd7f9dfe60bc6483d17bb81974825b26a8af1beb3f9
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-4b1d-b098-3c3c-45293d3ceff0
Content-Length
2580
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 14:01:32 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-4b1d-b098-3c3c-45293d3ceff0
ETag
"{00324DA4-BC9A-4E2A-B4E3-378AD2B5DD6F},12pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
movimenti_tempo_reale.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/
3 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/movimenti_tempo_reale.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d9feb97bc5878582865e38229057d6259b69d5dc9efcd8043580368164eeca25
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-4b1d-b098-3c3c-474f221b1722
Content-Length
3183
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 14:03:27 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-4b1d-b098-3c3c-474f221b1722
ETag
"{21B67671-DCFB-48EC-A423-84C7177A1DC6},11pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
estratto_conto_online.png
www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/
3 KB
3 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/Icon%20web%20CartaBcc/icon%2060x60%20BIANCO%20no%20cerchio/icon%20controllo/estratto_conto_online.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
1c7a6058854929580ce5206613f1676830507804c1d194b7de049d1809bed9b2
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-4b1d-b098-3c3c-4720a2b9db78
Content-Length
2799
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Fri, 26 May 2017 14:06:23 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-4b1d-b098-3c3c-4720a2b9db78
ETag
"{2434EA26-DAA8-4F7C-8743-FB367BCEF789},9pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
ichtm.gif
www.cartabcc.it/_layouts/15/IMAGES/
624 B
1 KB
Image
General
Full URL
https://www.cartabcc.it/_layouts/15/IMAGES/ichtm.gif
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
39d8a7c6a401b46ed1ca1094cd0ace7c9e1356661e9c37d39848a8c2799afa94
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-MS-InvokeApp
1; RequireReadOnly
X-Content-Type-Options
nosniff
Last-Modified
Tue, 21 Jan 2014 05:44:42 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
ETag
"081a4e16b16cf1:0"
Content-Type
image/gif
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
624
X-XSS-Protection
1
classic_MC%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/
126 KB
127 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/classic_MC%20259x345.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
958431af002b443e91772376e40f97e48ad72064379a9b52ed166679e5f7ccf5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-4b1d-b098-3c3c-488ee359bb3f
Content-Length
129497
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 26 Aug 2015 08:10:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-4b1d-b098-3c3c-488ee359bb3f
ETag
"{23025889-195C-4AEE-9280-A7ECFB0440D3},139pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
gold_MC%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/
126 KB
127 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/gold_MC%20259x345.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
44a9857df6a0e751a7c7a2fee5076c1a16575ccb524e53d26cdbb6da90b2310d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-4b1d-b098-3c3c-464bbe0b4e45
Content-Length
129372
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 26 Aug 2015 08:10:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-4b1d-b098-3c3c-464bbe0b4e45
ETag
"{87AAF5E8-1494-4147-8FE8-812BEAC27BF8},88pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
debit-image.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/
60 KB
61 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/debit-image.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
75329a0036d550283e35ef260a99a40e4f0b3860128afb9a601f5d8aaf2a67da
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-3b20-b098-3c3c-45a4566d9691
Content-Length
61671
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 29 Sep 2021 09:53:37 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-3b20-b098-3c3c-45a4566d9691
ETag
"{BAC7AB6D-3C5F-4952-9696-D023F79B5E5B},5pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
gold_socio_MC%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/
128 KB
128 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/gold_socio_MC%20259x345.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
932cc94b7b1b4e13b29e88c8f909d29d12bb6eb3e2688885f462187985e5bb7e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-2b21-b098-3c3c-4524a7f6e36a
Content-Length
130880
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 26 Aug 2015 08:10:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-2b21-b098-3c3c-4524a7f6e36a
ETag
"{F344681C-204F-4577-9192-A05DA5687629},86pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
tasca%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/
124 KB
125 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/tasca%20259x345.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
4286cef9f114568ff20fa78920a832a60158f94533713845730ac41a934d08a5
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-3b20-b098-3c3c-4edf03fc6242
Content-Length
127319
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 26 Aug 2015 08:10:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-3b20-b098-3c3c-4edf03fc6242
ETag
"{1A23494B-B0A8-4445-963B-33C6C324D957},78pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
tasca_conto%20259x345.png
www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/
115 KB
115 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20259x345%20carte%20ombra%20per%20home/tasca_conto%20259x345.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
90aecf63f7b3c11b09a5f941b1ae98a5450458111d7940359ea4eda181f079e8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-3b20-b098-3c3c-472c1a7fab42
Content-Length
117471
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 26 Aug 2015 08:10:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-3b20-b098-3c3c-472c1a7fab42
ETag
"{A8F17DD8-A4AE-4318-8ECA-3DC32EA41512},4pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
A2_Sito_cashback_1%20percent_doppia.jpg
www.cartabcc.it/news/PublishingImages/
60 KB
61 KB
Image
General
Full URL
https://www.cartabcc.it/news/PublishingImages/A2_Sito_cashback_1%20percent_doppia.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
1d2f16d480ffde58cf9d6ff4e57cf9c21ed2f5515cf2f1a74daefe5107e10985
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-2b22-b098-3c3c-4c68a660eccc
Content-Length
61448
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Mon, 15 Nov 2021 08:44:33 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-2b22-b098-3c3c-4c68a660eccc
ETag
"{37BA1AD3-B9D6-436D-830F-F64F5FB79502},6pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
A2_Sito_CartaBCC_PremiaiRevGazzetta.jpg
www.cartabcc.it/news/PublishingImages/
67 KB
67 KB
Image
General
Full URL
https://www.cartabcc.it/news/PublishingImages/A2_Sito_CartaBCC_PremiaiRevGazzetta.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
da59c9a6d87cd2e0ffbea8e893e16d3b87cbdd106313900bee85918a256f5c5a
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-2b23-b098-3c3c-433512cdf96b
Content-Length
68120
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 01 Sep 2021 09:22:38 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-2b23-b098-3c3c-433512cdf96b
ETag
"{82254EC5-09AE-4372-AEA6-69B25B6C8CD4},5pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Open_Sans_Bold.woff
www.cartabcc.it/_catalogs/masterpage/fonts/
20 KB
21 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/Open_Sans_Bold.woff
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-9b0f-b098-3c3c-43fc710e93f3
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:8659A53B-F3EE-4450-BB06-FCD9DC0FA670@00000000010
Content-Disposition
attachment; filename="Open_Sans_Bold.woff"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
20964
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Last-Modified
Thu, 07 Jan 2016 09:22:50 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-9b0f-b098-3c3c-43fc710e93f3
ETag
"{8659A53B-F3EE-4450-BB06-FCD9DC0FA670},10"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/font-woff
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
Lovelo-Black-webfont.woff2
www.cartabcc.it/_catalogs/masterpage/fonts/
9 KB
10 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/Lovelo-Black-webfont.woff2
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
9eeec5a5fe940a31de261545439b0d349056e859045dc8c0a60e849b2bfcdaea
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-9b10-b098-3c3c-4fddc11707b0
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:81BB23DE-B3DC-41A3-86E9-70280409098D@00000000223
Content-Disposition
attachment; filename="Lovelo-Black-webfont.woff2"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
9404
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Last-Modified
Thu, 07 Jan 2016 09:22:45 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-9b10-b098-3c3c-4fddc11707b0
ETag
"{81BB23DE-B3DC-41A3-86E9-70280409098D},223"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/octet-stream
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
icomoon.woff
www.cartabcc.it/_catalogs/masterpage/fonts/
14 KB
15 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/icomoon.woff?m7luf8
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
6b29e3ddb09886db2f0ba25d3842c850d302cefb75705eac51488be724e59837
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/style.css?rev=1
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-9b10-b098-3c3c-4f713f89635c
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:124E5F12-B1C4-4627-9C54-088E328B9E51@00000000223
Content-Disposition
attachment; filename="icomoon.woff"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
14548
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
6
Last-Modified
Thu, 07 Jan 2016 09:22:44 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-9b10-b098-3c3c-4f713f89635c
ETag
"{124E5F12-B1C4-4627-9C54-088E328B9E51},223"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/font-woff
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
glyphicons-halflings-regular.woff2
www.cartabcc.it/_catalogs/masterpage/fonts/
18 KB
18 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/glyphicons-halflings-regular.woff2
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/bootstrap.min.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/bootstrap.min.css
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-9b10-b098-3c3c-447a5afe3a74
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:C10F360C-A503-4992-AD74-07958DD3046B@00000000010
Content-Disposition
attachment; filename="glyphicons-halflings-regular.woff2"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
18028
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Last-Modified
Thu, 07 Jan 2016 09:22:43 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-9b10-b098-3c3c-447a5afe3a74
ETag
"{C10F360C-A503-4992-AD74-07958DD3046B},10"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/octet-stream
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
DroidSerif-Italic.woff2
www.cartabcc.it/_catalogs/masterpage/fonts/
20 KB
21 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/DroidSerif-Italic.woff2
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
33a615b30f0b0648a299b0d7e7f57e6c5a1b52cfcc831b3572c1f6ff77c1e2b1
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-8b12-b098-3c3c-4e872e3d875a
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:331FD9B6-F0C1-4F95-84E7-CC9B4E8E17C5@00000000010
Content-Disposition
attachment; filename="DroidSerif-Italic.woff2"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
20596
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Last-Modified
Thu, 07 Jan 2016 09:22:42 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-8b12-b098-3c3c-4e872e3d875a
ETag
"{331FD9B6-F0C1-4F95-84E7-CC9B4E8E17C5},10"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/octet-stream
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
Open_Sans_Bold_Italic.woff
www.cartabcc.it/_catalogs/masterpage/fonts/
19 KB
20 KB
Font
General
Full URL
https://www.cartabcc.it/_catalogs/masterpage/fonts/Open_Sans_Bold_Italic.woff
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
470985029a73c80df15aaffe3cbed4b09c49801c381c82ce704595d7c0bbcc0c
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Referer
https://www.cartabcc.it/_catalogs/masterpage/css/font.css
Origin
https://www.cartabcc.it
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:39 GMT
X-Content-Type-Options
nosniff
request-id
043208a0-8b12-b098-3c3c-4abf275af84e
MicrosoftSharePointTeamServices
15.0.0.4719
X-Powered-By
ASP.NET
X-SharePointHealthScore
0
ResourceTag
rt:1E572F34-088A-4909-9203-45262ED941C6@00000000010
Content-Disposition
attachment; filename="Open_Sans_Bold_Italic.woff"
Public-Extension
http://schemas.microsoft.com/repl-2
Content-Length
19604
X-XSS-Protection
1
SPIisLatency
0
X-MS-InvokeApp
1; RequireReadOnly
SPRequestDuration
5
Last-Modified
Thu, 07 Jan 2016 09:22:50 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-8b12-b098-3c3c-4abf275af84e
ETag
"{1E572F34-088A-4909-9203-45262ED941C6},10"
X-Download-Options
noopen
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
application/font-woff
Cache-Control
private,max-age=0
Expires
Mon, 15 Nov 2021 13:05:40 GMT
fbevents.js
connect.facebook.net/en_US/
98 KB
25 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
Security Headers
Name Value
Content-Security-Policy default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'self';script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
25965
x-xss-protection
0
pragma
public
x-fb-debug
TZQ3bfHvz8kOIY/535nk+igCnP2sv3IXtBGTTXcvaw3Ok/ZdHPdigCwKaFkBL1Uyode9hYbb2ks5G22RZ/ZP1g==
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:40 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583
5139589.fls.doubleclick.net/ Frame 9309
Redirect Chain
  • https://5139589.fls.doubleclick.net/activityi;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583?
  • https://5139589.fls.doubleclick.net/activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583?
441 B
374 B
Document
General
Full URL
https://5139589.fls.doubleclick.net/activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583?
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.212.166 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
ams15s22-in-f6.1e100.net
Software
cafe /
Resource Hash
bac8ff581e03d5cddceb07b56b306727bdd4e28b77751f2eccf2dfa97b2eea90
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/

Response headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 30 Nov 2021 13:05:40 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
strict-transport-security
max-age=21600
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
349
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Redirect headers

p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 30 Nov 2021 13:05:40 GMT
pragma
no-cache
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
follow-only-when-prerender-shown
1
strict-transport-security
max-age=21600
location
https://5139589.fls.doubleclick.net/activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583?
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
server
cafe
content-length
0
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
Classic_new_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
31 KB
31 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Classic_new_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
29c1e4c54c76ab5712680e54c0b69efdb2db355d19e47826ad74e9971b6cbe42
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-1b24-b098-3c3c-46dee9540392
Content-Length
31492
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:15 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-1b24-b098-3c3c-46dee9540392
ETag
"{E790AC81-9808-412B-A97B-41CB04EC94EC},157pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Gold_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
30 KB
31 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Gold_old_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fdb583e2bee22858e3b3e3e046daa26bda50f7e36786dd6f0996210d908a44d8
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-1b25-b098-3c3c-463a57e93bd2
Content-Length
31103
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:16 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-1b25-b098-3c3c-463a57e93bd2
ETag
"{E42F7A81-3B65-44CD-A38D-2F314DCEBAA1},103pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
VentisCard_Menu.png
www.cartabcc.it/Style%20Library/img/
4 KB
4 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/VentisCard_Menu.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
fe5690c827f2403d06acb35ca7b67743ef538336ae621a1de88a2623b63b0a68
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-1b25-b098-3c3c-4945c63c220d
Content-Length
3660
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 22 Nov 2017 13:27:34 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-1b25-b098-3c3c-4945c63c220d
ETag
"{580CC41D-3089-4C77-B120-50A8AE28AB2D},83pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
immagine-carta-per-sito-CartaBCC_145x91.png
www.cartabcc.it/Style%20Library/img/
14 KB
14 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/immagine-carta-per-sito-CartaBCC_145x91.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
c9d8e86ad4888f92124a40bc827b81030f78603e845331440c79b9ffecc65c10
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-1b25-b098-3c3c-4f2b75b6f2ca
Content-Length
14007
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Mon, 11 Nov 2019 11:22:51 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-1b25-b098-3c3c-4f2b75b6f2ca
ETag
"{6FA35A8A-8413-422E-9B5F-E47876AA2F6B},31pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
CArtaBCC_Classic_VISA_145x91.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
23 KB
24 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/CArtaBCC_Classic_VISA_145x91.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
4169d55735350781457e5ac29845c8296f3e5f8880268b7c35ace7781d9bf03b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-0b26-b098-3c3c-4cea73e11f55
Content-Length
23948
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Mon, 03 Feb 2020 11:29:22 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-0b26-b098-3c3c-4cea73e11f55
ETag
"{DA35D9FE-A375-407E-98E0-4415CB2F6F9E},18pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
A62_Sito_CartaBCC_Co-Badge_Mastercard.jpg
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
38 KB
38 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/A62_Sito_CartaBCC_Co-Badge_Mastercard.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
ee3609236eefa18dc2a4d57e0e4352626e646f3fc435e231432b5d7fbec53fa4
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-0b27-b098-3c3c-421dc87bdfeb
Content-Length
38496
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 27 Apr 2021 11:38:18 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-0b27-b098-3c3c-421dc87bdfeb
ETag
"{C7D0173A-95A9-42DE-A7B0-2C1C36EF7FBE},25pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
A62_Sito_CartaBCC_Co-Badge_Visa.jpg
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
18 KB
19 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/A62_Sito_CartaBCC_Co-Badge_Visa.jpg
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
798fcc311737a033dc548d9b1bccce0ebdf34a40ab1995d90301e39e01dc16d3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-0b27-b098-3c3c-4c1ed18d286e
Content-Length
18836
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 27 Apr 2021 11:38:21 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-0b27-b098-3c3c-4c1ed18d286e
ETag
"{3BDF04FE-0134-47DF-9E2E-98449DA951F3},17pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/jpeg
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Cash-Maestro_new_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
31 KB
31 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Cash-Maestro_new_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
57230c28fa1f6b89132cc6b45879cb0d76dc06be76f5160f037b6243b76ee282
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-0b27-b098-3c3c-4bf0e8897d51
Content-Length
31239
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:15 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-0b27-b098-3c3c-4bf0e8897d51
ETag
"{82476B90-12C1-4FD5-8F2F-08753C139373},93pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Cash_VPay_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
32 KB
32 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Cash_VPay_old_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e0e6a5cf7ea3142bc39e8ac5a3df12c28968d395db15430b6473d4e1262175ba
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-0b28-b098-3c3c-464e0d00393f
Content-Length
32506
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:15 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-0b28-b098-3c3c-464e0d00393f
ETag
"{062E14AC-F0BD-4ED8-AA9B-0CA30C08F9E0},79pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Ventis_Debit_Pink_145x91.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
7 KB
7 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Ventis_Debit_Pink_145x91.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
a4fa05f8818635de315841a7d5efc17424ac4fa7aa796195f3cb83b09ec81dcb
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-0b28-b098-3c3c-4680486c3c0f
Content-Length
6856
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Thu, 19 Sep 2019 09:26:30 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-0b28-b098-3c3c-4680486c3c0f
ETag
"{21DA6CD5-DA3A-4EC6-BB4F-F4433B6E9DA9},32pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Ventis_Debit_VISA_145x91.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
7 KB
7 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Ventis_Debit_VISA_145x91.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
d49379cc8f2f7ce47695fbc18e2d992ad79b2c414b3e29fef8b39ec1165f30aa
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb28-b098-3c3c-444ae660d7b2
Content-Length
6923
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Thu, 01 Aug 2019 08:53:47 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb28-b098-3c3c-444ae660d7b2
ETag
"{A8A1B498-234B-4F9B-BE50-A5475B6926C8},36pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Tasca_new_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
30 KB
31 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Tasca_new_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0975f6be2bbe94c6dcd7aa7546c758afa362b98968207acd4db1f7b57fa9ae21
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb29-b098-3c3c-46de49fbfd1c
Content-Length
31105
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:16 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb29-b098-3c3c-46de49fbfd1c
ETag
"{8AAE3F6A-E1AA-4C74-95C9-E8EF5BB6472D},95pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
TascaConto_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
27 KB
28 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/TascaConto_old_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
ecfd2e614ba18324cac553450522e0644b616963a123eb310c7cf2011a2d2efd
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb29-b098-3c3c-40602bdf75d8
Content-Length
28121
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:16 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb29-b098-3c3c-40602bdf75d8
ETag
"{5C8F91F1-9B62-4A53-95A1-FA87FBECB659},97pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
impresa%2080x49.png
www.cartabcc.it/PublishingImages/
8 KB
8 KB
Image
General
Full URL
https://www.cartabcc.it/PublishingImages/impresa%2080x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e7928d115bbeade4591d6525789a360c001c03098286dec2bcdf64272897146d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb2a-b098-3c3c-406bc721cf98
Content-Length
7806
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Wed, 26 Feb 2020 08:32:56 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb2a-b098-3c3c-406bc721cf98
ETag
"{4B749EB5-DE98-4F87-83C1-33980B949DDB},20pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
Corporate_old_80x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
32 KB
32 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/Corporate_old_80x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
df0d34a8dfd2be2c60889e634b5fdad3d1bad855881735b33c671e84e4f1e182
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb2a-b098-3c3c-473af24e4518
Content-Length
32617
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 08 Nov 2016 16:04:16 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb2a-b098-3c3c-473af24e4518
ETag
"{A07C3360-866D-456E-A5F9-77621A7FD0E1},68pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
tasca_business%2080x49.png
www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/
8 KB
8 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/carte%20menu%2080x49%20ok/tasca_business%2080x49.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
7bdf22ffb529e43c1d080e28259c013b75e377c229b740c123c6849af49e8f66
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb2a-b098-3c3c-4a7941ec7b0a
Content-Length
7827
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Tue, 29 Jan 2019 15:53:10 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb2a-b098-3c3c-4a7941ec7b0a
ETag
"{D90CA99F-3D61-4F34-8A59-F2EEB5DD30BA},29pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
CartaBCCPOS_527X347.png
www.cartabcc.it/Style%20Library/img/New%20design%20527x347%20carta%20scheda%20prodotto/
9 KB
9 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/New%20design%20527x347%20carta%20scheda%20prodotto/CartaBCCPOS_527X347.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
f98b9217f41d70643fbe413ec1d526ebd8524cec86f38e16f5bdaea6d281f40b
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-fb2a-b098-3c3c-444260cd9e87
Content-Length
9083
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Sun, 13 Sep 2015 16:12:32 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-fb2a-b098-3c3c-444260cd9e87
ETag
"{79930E92-CD04-4E6F-A156-B16A50721DBD},24pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
close.png
www.cartabcc.it/Style%20Library/img/
1 KB
2 KB
Image
General
Full URL
https://www.cartabcc.it/Style%20Library/img/close.png
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
24eb071c600fe4a3ba31ac2c4f33c34eac3b3780ac8c8f5924bcf00d66acfa73
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
X-Content-Type-Options
nosniff
X-AspNet-Version
4.0.30319
X-Powered-By
ASP.NET
Cache-Control
public, max-age=86400
request-id
043208a0-eb2b-b098-3c3c-42741d90ef40
Content-Length
1065
X-XSS-Protection
1
X-MS-InvokeApp
1; RequireReadOnly
Last-Modified
Thu, 07 Jan 2016 09:18:44 GMT
Server
Microsoft-IIS/8.5
SPRequestGuid
043208a0-eb2b-b098-3c3c-42741d90ef40
ETag
"{C4DF2AC6-05F6-4E92-AA6B-11F0A4F530A5},1pub"
X-FRAME-OPTIONS
SAMEORIGIN
Content-Type
image/png
MicrosoftSharePointTeamServices
15.0.0.4719
Accept-Ranges
bytes
/
track.adform.net/Serving/TrackPoint/
Redirect Chain
  • https://s2.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdef...
  • https://track.adform.net/Serving/TrackPoint/?pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2F...
  • https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagi...
104 B
584 B
Script
General
Full URL
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Server
37.157.2.238 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
1ee9d84d2672ca8a499d2218ffe73d5d9ce86c69861864a22fc3afc3c462d2aa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
strict-transport-security
max-age=31536000; includeSubDomains
content-type
text/javascript; charset=utf-8
content-length
179
expires
-1

Redirect headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
server
nginx
location
https://track.adform.net/Serving/TrackPoint/?CC=1&pm=704645&ADFPageName=Home&ADFdivider=%7C&ord=182757331499&Set1=en-US%7Cen-US%7C1600x1200%7C24&ADFtpmode=2&loc=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx
strict-transport-security
max-age=31536000; includeSubDomains
p3p
CP="NOI DSP COR NID CURa ADMa DEVa TAIa PSAa PSDa OUR LEG NAV INT"
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate, no-transform
content-type
text/html; charset=utf-8
expires
-1
dragdrop.js
www.cartabcc.it/_layouts/15/
83 KB
21 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/dragdrop.js?rev=LqsILQdmX9MDOiy%2BCmfRCw%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
1b3d01cebe00670eeed492b5e4edec8d4c7056cce5b597a6c8c94f0c1f9119bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Sep 2021 16:19:42 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
21101
ETag
"0e3c25284a9d71:0"
status
www.facebook.com/x/oauth/
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?client_id=120834568001752&input_token&origin=1&redirect_uri=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&sdk=joey&wants_cookie_data=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=bd3713d641fd70e5701e13e39adf58e4
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
+zViB67vxQutMfWn0Lvk60kHZoJQA0//3f5+6RWP66LNFWB4OZvE5yknfKLotjuayJAy3kIsbiGpkD1C2IkDIA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
fb-s
unknown
date
Tue, 30 Nov 2021 13:05:40 GMT
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://www.cartabcc.it
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
expires
Sat, 01 Jan 2000 00:00:00 GMT
feed
graph.facebook.com/1465771113712398/
427 B
308 B
XHR
General
Full URL
https://graph.facebook.com/1465771113712398/feed?access_token=1416719458657646%7C4BjfR6SqK8tUOififgHtmAvKcU8&limit=2&method=get&pretty=0&sdk=joey&suppress_http_code=1
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=bd3713d641fd70e5701e13e39adf58e4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f045:12:face:b00c:0:2 Amsterdam, Netherlands, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
7dc834abf7aa8506dabac1e129f07fabfadd806af2ea045fc04d05341ed06a88
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload

Request headers

Referer
https://www.cartabcc.it/
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

strict-transport-security
max-age=15552000; preload
content-encoding
br
www-authenticate
OAuth "Facebook Platform" "invalid_request" "(#10) This endpoint requires the 'manage_pages' or 'pages_read_user_content' permission or the 'Page Public Content Access' feature. Refer to https://developers.facebook.com/docs/apps/review/login-permissions#manage-pages and https://developers.facebook.com/docs/apps/review/feature#reference-PAGES_ACCESS for details."
x-app-usage
{"call_count":0,"total_cputime":0,"total_time":0}
cross-origin-resource-policy
cross-origin
x-fb-rev
1004776213
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
268
x-fb-rlafr
0
pragma
no-cache
x-fb-debug
a//NaEIeIRB5vik6ZlYU3CoocMJDc6bxmvOmyzbmLuB0/VlOcSDVv9kXUsCtE4HTrZsBlgWWi0koAr7ETUWKoA==
x-fb-trace-id
Aq3XnJLBxXk
date
Tue, 30 Nov 2021 13:05:40 GMT
vary
Origin, Accept-Encoding
content-type
application/json; charset=UTF-8
access-control-allow-origin
*
x-fb-request-id
Aw65FAfS_iAqpHz9X9As1BG
cache-control
no-store
facebook-api-version
v5.0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
syncframe
gum.criteo.com/ Frame 79D8
11 KB
5 KB
Document
General
Full URL
https://gum.criteo.com/syncframe?topUrl=www.cartabcc.it&origin=onetag
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a02:2638::1c , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
44fdd1eb3c024fe9fb4faeb815b2367ace182437a87eb25a75d7802d0f3c88c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/

Response headers

cache-control
private, max-age=3600
content-type
text/html; charset=utf-8
content-encoding
gzip
vary
Accept-Encoding
strict-transport-security
max-age=31536000
cross-origin-resource-policy
cross-origin
cross-origin-embedder-policy
require-corp
server-processing-duration-in-ticks
1917
date
Tue, 30 Nov 2021 13:05:40 GMT
content-length
4685
185490025453730
connect.facebook.net/signals/config/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/185490025453730?v=2.9.48&r=stable
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
65d9f134351cfb463a24469e3767a725acb365c1140c683b72716f4a8c29a0d0
Security Headers
Name Value
Content-Security-Policy default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

content-security-policy
default-src * data: blob: 'self';script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;
content-encoding
gzip
x-content-type-options
nosniff
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
x-xss-protection
0
pragma
public
x-fb-debug
ukndW/Q13W2IpQtnUwWbh5qHSqd1V7QTvsZ1rYSToPCOeH88X9erTpfWxZv+zKQkJSbi769tGUmFnQTHtrRr9Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:40 GMT
strict-transport-security
max-age=31536000; preload; includeSubDomains
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cache-control
public, max-age=1200
x-fb-rlafr
0
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
adservice.google.com/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/ Frame FE6D
440 B
816 B
Document
General
Full URL
https://adservice.google.com/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/
Requested by
Host: 5139589.fls.doubleclick.net
URL: https://5139589.fls.doubleclick.net/activityi;dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583?
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef8cf94a963a74f0c3acfbad1c5df4109c0dad18987055ed7926e11292ad5515
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://5139589.fls.doubleclick.net/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 30 Nov 2021 13:05:40 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
cache-control
no-cache, must-revalidate
content-type
text/html; charset=UTF-8
pragma
no-cache
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
347
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
mquery.js
www.cartabcc.it/_layouts/15/
22 KB
6 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/mquery.js?rev=VYAJYBo5H8I3gVSL3MzD6A%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
b8fbf8d23cb7158e74924a38361e3ba96a4044e57677d3dbf2d45fa93e4cb2de
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 23 Jan 2014 06:06:06 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
5873
ETag
"0dbca33118cf1:0"
core.js
www.cartabcc.it/_layouts/15/
324 KB
84 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/core.js?rev=BoOTONqXW5dYCwvqGhdhCw%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e5c750ac2f038732ddd1eed5cd3c58b3ee2b0fb3a207fb55525783d412c8a160
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Mon, 23 Mar 2020 07:46:24 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
85119
ETag
"08a826e70d61:0"
sid
mug.criteo.com/ Frame 79D8
Redirect Chain
  • https://gum.criteo.com/sid/json?origin=onetag&domain=cartabcc.it&sn=ChromeSyncframe&so=0&topUrl=www.cartabcc.it&cw=1&lsw=1
  • https://mug.criteo.com/sid?cpp=Q44SS3xVUnRXVWt2Y1lPN1RsRHhldFVSZWdUR2gyTXlQamhoOGR5d3Y0K1FZY3ZqRHBZS09SRUNIck5XeVFjNEFmL3ZiMzF1SHRoYUtvSDVSWjBNMXFrajNGekhkVHhkZ1hVVms1bDJRelZlMVFzYlByaFdqNUtiRkQyeG...
441 B
623 B
Fetch
General
Full URL
https://mug.criteo.com/sid?cpp=Q44SS3xVUnRXVWt2Y1lPN1RsRHhldFVSZWdUR2gyTXlQamhoOGR5d3Y0K1FZY3ZqRHBZS09SRUNIck5XeVFjNEFmL3ZiMzF1SHRoYUtvSDVSWjBNMXFrajNGekhkVHhkZ1hVVms1bDJRelZlMVFzYlByaFdqNUtiRkQyeGpJbXhoTDQyMWRPZG5COVhMbzBLb0dnMjZYZVNiNkF3c090UGh6WWlWcGpaNG5DSmNBMjJaVVBaTENPMzUyeTJ2MnBYS0VnNThlUVA4WGREQjVsQTNLRlBHb3ZzOWV6bFhMa1czR21zdmtrR1Y5SmN5NzBXQTlBSTZ5UHQ3Z2VLQTRuc2RzQkdkc2hEQVJ3T2g5K1NwZWVuOXZIR3ZoZz09fA&cppv=2
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H2
Server
178.250.0.157 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
/
Resource Hash
dbea450eddd30570791d7f3f15b7bf273906873af292025ade3dbfffb0d5de58
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://gum.criteo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000
content-encoding
gzip
date
Tue, 30 Nov 2021 13:05:40 GMT
vary
Accept-Encoding
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
https://gum.criteo.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
server-processing-duration-in-ticks
4352
expires
0

Redirect headers

pragma
no-cache
strict-transport-security
max-age=31536000
date
Tue, 30 Nov 2021 13:05:40 GMT
content-type
text/html; charset=utf-8
location
https://mug.criteo.com/sid?cpp=Q44SS3xVUnRXVWt2Y1lPN1RsRHhldFVSZWdUR2gyTXlQamhoOGR5d3Y0K1FZY3ZqRHBZS09SRUNIck5XeVFjNEFmL3ZiMzF1SHRoYUtvSDVSWjBNMXFrajNGekhkVHhkZ1hVVms1bDJRelZlMVFzYlByaFdqNUtiRkQyeGpJbXhoTDQyMWRPZG5COVhMbzBLb0dnMjZYZVNiNkF3c090UGh6WWlWcGpaNG5DSmNBMjJaVVBaTENPMzUyeTJ2MnBYS0VnNThlUVA4WGREQjVsQTNLRlBHb3ZzOWV6bFhMa1czR21zdmtrR1Y5SmN5NzBXQTlBSTZ5UHQ3Z2VLQTRuc2RzQkdkc2hEQVJ3T2g5K1NwZWVuOXZIR3ZoZz09fA&cppv=2
cache-control
no-cache, no-store, must-revalidate
server-processing-duration-in-ticks
1825
content-length
541
expires
0
/
www.facebook.com/tr/
44 B
91 B
Image
General
Full URL
https://www.facebook.com/tr/?id=185490025453730&ev=PageView&dl=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&rl=&if=false&ts=1638277540865&sw=1600&sh=1200&v=2.9.48&r=stable&ec=0&o=30&fbp=fb.1.1638277540864.186521636&it=1638277540732&coo=false&exp=p0&rqm=GET
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 30 Nov 2021 13:05:40 GMT
oslo.css
www.cartabcc.it/_layouts/15/1040/styles/Themable/
64 KB
64 KB
Image
General
Full URL
https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/_layouts/15/1040/styles/Themable/oslo.css?rev=PmCwwA6FGSZ9YRjy%2FiI%2B5Q%3D%3D
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 24 Mar 2020 20:35:18 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
text/css
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
46672
ETag
"08713bb1b2d61:0"
sharing.js
www.cartabcc.it/_layouts/15/
26 KB
8 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/sharing.js?rev=XxxHIxIIc8BsW9ikVc6dgA%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
bc079e5a4e58c7446ded814230e4733efdae98cfbfde22445fdb72b723624f86
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 28 Apr 2015 19:19:20 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
7645
ETag
"0ecb3ae881d01:0"
/
adservice.google.it/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/ Frame FBF2
194 B
870 B
Document
General
Full URL
https://adservice.google.it/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/
Requested by
Host: adservice.google.com
URL: https://adservice.google.com/ddm/fls/i/dc_pre=CMuH6LaTwPQCFRMfBgAdvNUDvg;src=5139589;type=invmedia;cat=nw7ldhj1;ord=4222694804405.2583;~oref=https://www.cartabcc.it/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:812::2002 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://adservice.google.com/

Response headers

p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
timing-allow-origin
*
cross-origin-resource-policy
cross-origin
date
Tue, 30 Nov 2021 13:05:41 GMT
expires
Tue, 30 Nov 2021 13:05:41 GMT
cache-control
private, max-age=0
content-type
text/html; charset=UTF-8
x-content-type-options
nosniff
content-encoding
gzip
server
cafe
content-length
177
x-xss-protection
0
alt-svc
h3="googleads.g.doubleclick.net:443"; ma=2592000,h3=":443"; ma=2592000,h3-29="googleads.g.doubleclick.net:443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043="googleads.g.doubleclick.net:443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic="googleads.g.doubleclick.net:443"; ma=2592000; v="46,43",quic=":443"; ma=2592000; v="46,43"
callout.js
www.cartabcc.it/_layouts/15/
26 KB
8 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/callout.js?rev=ryx2n4ePkYj1%2FALmcsXZfA%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
39e8386b4e8a4a0ba1de3031f050265df97f635c9d30990212970a79b14d5726
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 23 Jan 2014 06:06:04 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
7628
ETag
"0ae9932118cf1:0"
event
sslwidget.criteo.com/
7 KB
8 KB
Script
General
Full URL
https://sslwidget.criteo.com/event?a=33332&v=5.8.0&p0=e%3Dexd%26site_type%3Dd&p1=e%3Dce%26m%3D%255B%255D&p2=e%3Dvh&p3=e%3Dvh&p4=e%3Ddis&adce=1&bundle=HRefjl9wR0xHUCUyQlJnZWRaR0VRcWdobTZuRDRWUiUyRlFRU0tlTkYweEVZZ1YlMkJNSnUyNWhyRmxIYThEZ1ljMThpcklCMktqMThBSTJjNE1UdDI5RjcwSXZjNyUyQlp3aWpqS0VzSHhhRUxWZmhBRVJVQVFQJTJCcFBpa0k3QnUzMXpuS0h2JTJCb3A3T0N3SHElMkY2NEtVZHNSRSUyQkQ4c0lIUW53JTNEJTNE&tld=cartabcc.it&dtycbr=47226
Requested by
Host: static.criteo.net
URL: https://static.criteo.net/js/ld/ld.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
178.250.2.151 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
19836f0667c43dd73ce40047f01519a06e750972f9dad33ef4313d652eb49e87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
content-type
application/x-javascript
server
Kestrel
p3p
NON DSP COR CURa PSA PSD OUR BUS NAV STA
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
12430284
timing-allow-origin
*
expires
0
ScriptResx.ashx
www.cartabcc.it/_layouts/15/
39 KB
14 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/ScriptResx.ashx?culture=it%2Dit&name=SP%2ERes&rev=rYx7WNBtgVDnLE3%2FC3khRg%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
3223ccaa46f2320f7d698bc38b969c5baf6e33d4dc2f291bf770bdb24e7b34d7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Wed, 15 Sep 2021 03:11:00 GMT
Server
Microsoft-IIS/8.5
X-AspNet-Version
4.0.30319
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/x-javascript; charset=utf-8
Cache-Control
public, max-age=31536000
Content-Length
14084
X-XSS-Protection
1
MicrosoftSharePointTeamServices
15.0.0.4719
sp.init.js
www.cartabcc.it/_layouts/15/
31 KB
9 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/sp.init.js?rev=jvJC3Kl5gbORaLtf7kxULQ%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
c38f09f7cbd22ed93585150ca71f950737ffc04b4edef1494fafb79019fa267d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:40 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 28 Apr 2015 19:19:20 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
8385
ETag
"0ecb3ae881d01:0"
share_button.php
www.facebook.com/plugins/ Frame 2316
41 KB
13 KB
Document
General
Full URL
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=bd3713d641fd70e5701e13e39adf58e4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
637ad492737f2b4dd321b6376f85df9ae0318e058256f4ef8d46ba99346bb01a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
YHcjUWkn+7m7zbhJ1/h9Hx7/Ty07S3BjZIvdTcKQsUbFE8FSLz7x0nnWM0suZh1ZocavtsRFIGFi0RPPaxIO7g==
date
Tue, 30 Nov 2021 13:05:41 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
like.php
www.facebook.com/plugins/ Frame F7B7
34 KB
13 KB
Document
General
Full URL
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/it_IT/all.js?hash=bd3713d641fd70e5701e13e39adf58e4
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
cdaab006d7b729b3d083a5e35c202f4339c2e493abffc8de9f435718d040a7b6
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/

Response headers

vary
Accept-Encoding
content-encoding
br
x-fb-rlafr
0
document-policy
force-load-at-top
cross-origin-opener-policy
unsafe-none
pragma
no-cache
cache-control
private, no-cache, no-store, must-revalidate
expires
Sat, 01 Jan 2000 00:00:00 GMT
x-content-type-options
nosniff
x-xss-protection
0
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
content-type
text/html; charset="utf-8"
x-fb-debug
EeAHrV8AyfegaMp6JjkDTqnvXCw1VEjzFWAz5C9YvA/pPsxxbZryT7R22F0QTLUGrC9K9NEla4hS5kERqLTtDA==
date
Tue, 30 Nov 2021 13:05:41 GMT
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
cookiematch.aspx
dis.criteo.com/dis/rtb/google/ Frame 5C66
Redirect Chain
  • https://cm.g.doubleclick.net/pixel?google_nid=cjp&google_sc&google_ula=913071&google_hm=ay1TTGE1MU93dUhvcGxrSk1QRkpzZjRRa3E3SE90cndJWHhYUDEtZw
  • https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
43 B
341 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
content-type
image/gif
server
Kestrel
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
303734
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
server
HTTP server (unknown)
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
location
https://dis.criteo.com/dis/rtb/google/cookiematch.aspx?id=&google_ula=913071,0
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
text/html; charset=UTF-8
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
279
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
cookie-sync
sync.outbrain.com/ Frame 5C66
0
476 B
Image
General
Full URL
https://sync.outbrain.com/cookie-sync?p=criteo&uid=k-o3GwE-wuHoplkJMPFJsf4Qkq7HM-fe7vRNxmdQ
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
64.202.112.159 , United States, ASN22075 (AS-OUTBRAIN, US),
Reverse DNS
ny.outbrain.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Cache-Control
no-cache
X-TraceId
bd72ae10878908fc30909a0548651d01
Content-Length
0
tap.php
pixel.rubiconproject.com/ Frame 5C66
0
239 B
Image
General
Full URL
https://pixel.rubiconproject.com/tap.php?v=6434&nid=2149&put=k-IXXj1OwuHoplkJMPFJsf4Qkq7HOnNLXEgL7tnA&expires=30
Protocol
HTTP/1.1
Security
TLS 1.2, RSA, AES_256_GCM
Server
8.39.36.141 Los Angeles, United States, ASN26667 (RUBICONPROJECT, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Expires
0
Cache-Control
no-cache,no-store,must-revalidate
P3P
CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"
X-RPHost
0963d041a95f271fbba7f411adc03573
Content-Type
image/gif
/
rtb-csync.smartadserver.com/redir/ Frame 5C66
43 B
163 B
Image
General
Full URL
https://rtb-csync.smartadserver.com/redir/?partnerid=79&partneruserid=k-lMeToewuHoplkJMPFJsf4Qkq7HNhF5s9OnP09Q
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
185.86.139.115 , France, ASN201081 (SMARTADSERVER, FR),
Reverse DNS
Software
/
Resource Hash
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
transfer-encoding
chunked
content-type
image/gif
bounce
secure.adnxs.com/ Frame 5C66
Redirect Chain
  • https://secure.adnxs.com/setuid?entity=52&code=k-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ&seg=130915
  • https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ%26seg%3D130915
43 B
1 KB
Image
General
Full URL
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ%26seg%3D130915
Protocol
HTTP/1.1
Server
185.33.221.13 Amsterdam, Netherlands, ASN29990 (ASN-APPNEX, US),
Reverse DNS
729.bm-nginx-loadbalancer.mgmt.ams1.adnexus.net
Software
nginx/1.17.9 /
Resource Hash
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
Security Headers
Name Value
X-Xss-Protection 0

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
X-Proxy-Origin
82.102.26.70; 82.102.26.70; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
4e8e8067-8054-4290-9ac6-ca461285e8ec
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Access-Control-Allow-Origin
*
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
X-Proxy-Origin
82.102.26.70; 82.102.26.70; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f15ab06d-bc6c-44ef-a156-2ab0717e82a0
Server
nginx/1.17.9
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://secure.adnxs.com/bounce?%2Fsetuid%3Fentity%3D52%26code%3Dk-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ%26seg%3D130915
Cache-Control
no-store, no-cache, private
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 5C66
Redirect Chain
  • https://ib.adnxs.com/seg?add=7643336&redir=https%3A%2F%2Fib.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
  • https://ib.adnxs.com/bounce?%2Fseg%3Fadd%3D7643336%26redir%3Dhttps%253A%252F%252Fib.adnxs.com%252Fgetuid%253Fhttps%253A%252F%252Fdis.criteo.com%252Fdis%252Frtb%252Fappnexus%252Fcookiematch.aspx%253...
  • https://ib.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
43 B
342 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
content-type
image/gif
server
Kestrel
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
7302562
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
X-Proxy-Origin
82.102.26.70; 82.102.26.70; 727.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
bb5892d2-02ce-42e6-8316-e5c5705c999e
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
c.gif
c.bing.com/ Frame 5C66
42 B
594 B
Image
General
Full URL
https://c.bing.com/c.gif?Red3=CTOMS_pd&cbid=k-XCMvDuwuHoplkJMPFJsf4Qkq7HPAeLMiya9KyQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
etag
"f95a3e4769d2d71:0"
last-modified
Fri, 05 Nov 2021 17:19:23 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: D222AAA4BDDC49ABBC10598221AFA122 Ref B: MIL30EDGE0314 Ref C: 2021-11-30T13:05:41Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
v1
ads.yahoo.com/cms/ Frame 5C66
0
445 B
Image
General
Full URL
https://ads.yahoo.com/cms/v1?esig=1~7315a025058f3128185459bfaf16e164414683fc&nwid=10000545908&sigv=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1288:80:800::7001 Frankfurt am Main, Germany, ASN203220 (YAHOO-DEB, GB),
Reverse DNS
Software
ATS /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=15552000
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
cache-control
no-store
x-content-type-options
nosniff
server
ATS
strict-transport-security
max-age=15552000
expect-ct
max-age=31536000, report-uri="http://csp.yahoo.com/beacon/csp?src=yahoocom-expect-ct-report-only"
x-xss-protection
1; mode=block
sync
ups.analytics.yahoo.com/ups/58301/ Frame 5C66
Redirect Chain
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FsUxwOwuHoplkJMPFJsf4Qkq7HPWPQ6jP-n2Ig
  • https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FsUxwOwuHoplkJMPFJsf4Qkq7HPWPQ6jP-n2Ig&verify=true
0
121 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FsUxwOwuHoplkJMPFJsf4Qkq7HPWPQ6jP-n2Ig&verify=true
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/58301/sync?_origin=1&uid=k-FsUxwOwuHoplkJMPFJsf4Qkq7HPWPQ6jP-n2Ig&verify=true
date
Tue, 30 Nov 2021 13:05:41 GMT
server
ATS/9.1.0.33
age
0
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
match
ad.360yield.com/ul_cb/ Frame 5C66
Redirect Chain
  • https://ad.360yield.com/match?publisher_dsp_id=38&external_user_id=k-d51z7OwuHoplkJMPFJsf4Qkq7HNyLRWFKNZR4Q
  • https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-d51z7OwuHoplkJMPFJsf4Qkq7HNyLRWFKNZR4Q
43 B
445 B
Image
General
Full URL
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-d51z7OwuHoplkJMPFJsf4Qkq7HNyLRWFKNZR4Q
Protocol
H2
Server
54.246.208.198 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-246-208-198.eu-west-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
date
Tue, 30 Nov 2021 13:05:41 GMT
content-type
image/gif
content-length
43
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Redirect headers

location
https://ad.360yield.com/ul_cb/match?publisher_dsp_id=38&external_user_id=k-d51z7OwuHoplkJMPFJsf4Qkq7HNyLRWFKNZR4Q
date
Tue, 30 Nov 2021 13:05:41 GMT
content-type
text/plain
content-length
0
p3p
CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"
Pug
simage2.pubmatic.com/AdServer/ Frame 5C66
42 B
341 B
Image
General
Full URL
https://simage2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTI0NTMmdGw9NDMyMDA=&piggybackCookie=uid:k-KUq_uOwuHoplkJMPFJsf4Qkq7HMIQQWwfxfn2g
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
185.64.189.110 , United Kingdom, ASN62713 (AS-PUBMATIC, US),
Reverse DNS
Software
nginx /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:40 GMT
cache-control
no-store, no-cache, private
x-lat
amspug007:0:298
server
nginx
content-type
image/gif; charset=utf-8
content-length
42
p3p
CP="NOI DSP COR LAW CUR ADMo DEVo TAIo PSAo PSDo IVAo IVDo HISo OTPo OUR SAMo BUS UNI COM NAV INT DEM CNT STA PRE LOC"
rum
r.casalemedia.com/ Frame 5C66
Redirect Chain
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A
  • https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A&C=1
43 B
1 KB
Image
General
Full URL
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A&C=1
Protocol
HTTP/1.1
Server
2.18.234.21 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-18-234-21.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
Server
Apache
Vary
Is-Traffic-Usersync
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
image/gif
Content-Length
43
Expires
Tue, 30 Nov 2021 13:05:41 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
Server
Apache
P3p
policyref="/w3c/p3p.xml", CP="NOI DSP COR DEVa TAIa OUR BUS UNI"
Location
https://r.casalemedia.com/rum?cm_dsp_id=20&external_user_id=k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A&C=1
Cache-Control
max-age=0, no-cache, no-store
Connection
keep-alive
Content-Type
text/html; charset=iso-8859-1
Content-Length
296
Expires
Tue, 30 Nov 2021 13:05:41 GMT
/
sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/ Frame 5C66
0
231 B
Image
General
Full URL
https://sync-t1.taboola.com/sg/criteortb-network/1/rtb-h/?taboola_hm=k-iTaDs-wuHoplkJMPFJsf4Qkq7HPqZZW3EzYIEw
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
141.226.228.48 , Netherlands, ASN200478 (TABOOLA-AS, IL),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
access-control-allow-credentials
true
server
nginx
x-fastly-to-nlb-rtt
25251
pixel
cm.adform.net/ Frame 5C66
43 B
163 B
Image
General
Full URL
https://cm.adform.net/pixel?adform_pid=15&adform_pc=k-HphyVuwuHoplkJMPFJsf4Qkq7HNx142u8e6dqQ
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
37.157.4.24 , Denmark, ASN198622 (ADFORM, DK),
Reverse DNS
Software
nginx /
Resource Hash
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
last-modified
Wed, 11 Oct 2017 13:39:07 GMT
server
nginx
accept-ranges
bytes
etag
"59de1efb-2b"
content-length
43
content-type
image/gif
um
criteo-sync.teads.tv/ Frame 5C66
23 B
172 B
Image
General
Full URL
https://criteo-sync.teads.tv/um?eid=80&uid=k-xKUAhOwuHoplkJMPFJsf4Qkq7HPXX4G8uiJi7w
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.111.242.245 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-111-242-245.deploy.static.akamaitechnologies.com
Software
akka-http/10.2.6 /
Resource Hash
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
cache-control
max-age=0, no-cache, no-store
expires
Tue, 30 Nov 2021 13:05:41 GMT
server
akka-http/10.2.6
content-length
23
content-type
image/gif
xuid
eb2.3lift.com/ Frame 5C66
Redirect Chain
  • https://eb2.3lift.com/xuid?mid=2711&xuid=k-i1cNSewuHoplkJMPFJsf4Qkq7HOD-r5q_Tn59w&dongle=013b
  • https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-i1cNSewuHoplkJMPFJsf4Qkq7HOD-r5q_Tn59w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
37 B
352 B
Image
General
Full URL
https://eb2.3lift.com/xuid?ld=1&mid=2711&xuid=k-i1cNSewuHoplkJMPFJsf4Qkq7HOD-r5q_Tn59w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
Protocol
H2
Server
13.248.245.213 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
a0f671730127a0812.awsglobalaccelerator.com
Software
/
Resource Hash
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-type
image/gif
content-length
37
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"

Redirect headers

location
/xuid?ld=1&mid=2711&xuid=k-i1cNSewuHoplkJMPFJsf4Qkq7HOD-r5q_Tn59w&dongle=013b&gdpr=1&cmp_cs=&us_privacy=
date
Tue, 30 Nov 2021 13:05:41 GMT
cache-control
no-cache, no-store, must-revalidate
content-length
0
p3p
policyref="http://cdn.3lift.com/w3c/p3p.xml", CP="NON DSP COR NID OUR DEL SAM OTR UNR COM NAV INT DEM CNT STA PRE LOC OTC"
sync
x.bidswitch.net/ul_cb/ Frame 5C66
Redirect Chain
  • https://x.bidswitch.net/sync?dsp_id=46&user_id=k-_2GtfuwuHoplkJMPFJsf4Qkq7HNa6wLIWbEC8g&expires=30
  • https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-_2GtfuwuHoplkJMPFJsf4Qkq7HNa6wLIWbEC8g&expires=30
43 B
495 B
Image
General
Full URL
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-_2GtfuwuHoplkJMPFJsf4Qkq7HNa6wLIWbEC8g&expires=30
Protocol
HTTP/1.1
Server
3.127.120.47 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-120-47.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
43
Content-Type
image/gif

Redirect headers

Location
https://x.bidswitch.net/ul_cb/sync?dsp_id=46&user_id=k-_2GtfuwuHoplkJMPFJsf4Qkq7HNa6wLIWbEC8g&expires=30
Date
Tue, 30 Nov 2021 13:05:41 GMT
Cache-Control
no-cache, no-store, must-revalidate
Connection
keep-alive
Content-Length
0
cksync.php
contextual.media.net/ Frame 5C66
45 B
783 B
Image
General
Full URL
https://contextual.media.net/cksync.php?cs=3&type=crt&ovsid=k-YdGUsuwuHoplkJMPFJsf4Qkq7HN2dDDtWi6glA
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.21.140.74 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a2-21-140-74.deploy.static.akamaitechnologies.com
Software
Apache /
Resource Hash
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
Security Headers
Name Value
Strict-Transport-Security max-age=604800

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=604800
server
Apache
date
Tue, 30 Nov 2021 13:05:41 GMT
p3p
CP="NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA", CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA, CP: NON DSP COR NID CUR ADMa DEVo TAI PSA PSDo HIS OUR BUS COM NAV INT STA
cache-control
max-age=0, no-cache, no-store
content-type
image/gif
content-length
45
x-mnet-hl2
E
expires
Tue, 30 Nov 2021 13:05:41 GMT
v1
match.sharethrough.com/sync/ Frame 5C66
68 B
263 B
Image
General
Full URL
https://match.sharethrough.com/sync/v1?source_id=7658cb1d77a660882b48db06&source_user_id=k-KyLc8ewuHoplkJMPFJsf4Qkq7HPc832xNDuDgg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.157.150.79 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-157-150-79.eu-central-1.compute.amazonaws.com
Software
/
Resource Hash
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
content-length
68
content-type
image/png
sync
visitor.omnitagjs.com/visitor/ Frame 5C66
49 B
235 B
Image
General
Full URL
https://visitor.omnitagjs.com/visitor/sync?uid=732efe97317e6352de4c1caf24b5064b&name=CRITEO&visitor=k-fol6Q-wuHoplkJMPFJsf4Qkq7HPH170whwJKYg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
185.255.84.152 Paris, France, ASN200271 (IGUANE-, FR),
Reverse DNS
Software
ayl-lb-fra02 /
Resource Hash
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
x-content-type-options
nosniff
server
ayl-lb-fra02
vary
Accept-Encoding
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
x-envoy-upstream-service-time
2
content-length
49
expires
0
empty.gif
cdn.stickyadstv.com/one-shot/ Frame 5C66
Redirect Chain
  • https://ads.stickyadstv.com/user-registering?dataProviderId=434&userId=k-cOwU--wuHoplkJMPFJsf4Qkq7HNAerk18UUN5Q&redirectId=69
  • https://cdn.stickyadstv.com/one-shot/empty.gif?
43 B
438 B
Image
General
Full URL
https://cdn.stickyadstv.com/one-shot/empty.gif?
Protocol
HTTP/1.1
Server
2001:4de0:ac19::1:b:2a , Netherlands, ASN20446 (HIGHWINDS3, US),
Reverse DNS
Software
/
Resource Hash
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Last-Modified
Thu, 28 Feb 2013 15:45:35 GMT
ETag
"1362066335"
X-HW
1638277541.dop028.ml1.t,1638277541.cds017.ml1.shn,1638277541.cds017.ml1.c
Content-Type
image/gif
Access-Control-Allow-Origin
*
Cache-Control
max-age=7200
Access-Control-Allow-Credentials
true
Connection
Keep-Alive
Accept-Ranges
bytes
Content-Length
43

Redirect headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
Server
nginx
Access-Control-Allow-Origin
*
Location
https://cdn.stickyadstv.com/one-shot/empty.gif?
Cache-Control
max-age=0, no-cache, no-store
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Length
0
x-sticky-vk
1638277541509028-397
Expires
Tue, 30 Nov 2021 13:05:41 GMT
sync
ups.analytics.yahoo.com/ups/55945/ Frame 5C66
Redirect Chain
  • https://pixel.advertising.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1
  • https://pixel.advertising.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1&verify=true
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
0
341 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-ONnsVOwuHoplkJMPFJsf4Qkq7HP_6ii_qfEJzQ&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
date
Tue, 30 Nov 2021 13:05:41 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sync
matching.ivitrack.com/ Frame 5C66
42 B
242 B
Image
General
Full URL
https://matching.ivitrack.com/sync?realm=criteo&uid=k-x4tfh-wuHoplkJMPFJsf4Qkq7HPNVYbljsfsdQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.243.160 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
160.243.186.35.bc.googleusercontent.com
Software
istio-envoy /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
via
1.1 google
x-envoy-decorator-operation
tag-manager.programmatic.svc.cluster.local:3000/*
server
istio-envoy
content-type
image/gif
cache-control
public, max-age=86400
x-envoy-upstream-service-time
0
alt-svc
clear
content-length
42
sync
sync-criteo.ads.yieldmo.com/ Frame 5C66
43 B
456 B
Image
General
Full URL
https://sync-criteo.ads.yieldmo.com/sync?id=k-1cfQa-wuHoplkJMPFJsf4Qkq7HNjHOpbGKj6zQ&pn_id=criteo&ext=1
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.214.196.229 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-18-214-196-229.compute-1.amazonaws.com
Software
/
Resource Hash
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

access-control-allow-origin
*
pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
content-type
image/gif
content-length
43
access-control-allow-methods
GET, OPTIONS
access-control-request-headers
Cache-Control, Pragma
m
cm.mgid.com/ Frame 5C66
Redirect Chain
  • https://cm.mgid.com/m?cdsp=617660&c=k-8Ms5HewuHoplkJMPFJsf4Qkq7HOAiHY12pXqlg
  • https://cm.mgid.com/m?c=k-8Ms5HewuHoplkJMPFJsf4Qkq7HOAiHY12pXqlg&cdsp=617660&sct=1
43 B
501 B
Image
General
Full URL
https://cm.mgid.com/m?c=k-8Ms5HewuHoplkJMPFJsf4Qkq7HOAiHY12pXqlg&cdsp=617660&sct=1
Protocol
H3
Server
104.19.132.78 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
content-type
image/gif
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
cf-ray
6b6449ebcdba59d7-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400

Redirect headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
cf-cache-status
DYNAMIC
server
cloudflare
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
p3p
CP="NOI DSP COR LAW NID CURa ADMa DEVa PSAa PSDa OUR BUS IND UNI COM NAV INT DEM"
location
http://cm.mgid.com/m?c=k-8Ms5HewuHoplkJMPFJsf4Qkq7HOAiHY12pXqlg&cdsp=617660&sct=1
cache-control
max-age=0, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cf-ray
6b6449eb1d103742-MXP
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400, h3-28=":443"; ma=86400, h3-27=":443"; ma=86400
/
s.ad.smaato.net/c/ Frame 5C66
0
239 B
Image
General
Full URL
https://s.ad.smaato.net/c/?dspInit=1001851&dspCookie=k-fP0_r-wuHoplkJMPFJsf4Qkq7HMSSJtGDMX6Vg
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20eb:9000:1b:5138:8a40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
via
1.1 f046bfa1468bb4385e357c8c9128cf51.cloudfront.net (CloudFront)
server
CloudFront
cache-control
no-cache, must-revalidate
x-amz-cf-pop
FRA2-C1
x-amz-cf-id
MWnrhSPl1bGc6-UM4EcdRwNUJKxJhGgi5x0OlJoBAsezX8E2OBXqEA==
x-cache
FunctionGeneratedResponse from cloudfront
28292
i6.liadm.com/s/ Frame 5C66
Redirect Chain
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA
  • https://i.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA&_li_chk=true&previous_uuid=59dbacb9496e49088b760c3b34458797
  • https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA
43 B
447 B
Image
General
Full URL
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA
Protocol
HTTP/1.1
Server
2600:1f18:444a:4680:469d:1ee7:c700:42a5 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
/
Resource Hash
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:42 GMT
Cache-Control
no-store
Connection
keep-alive
trace-id
fcbff5117cd6d071
Content-Length
43
Strict-Transport-Security
max-age=31536000; includeSubDomains
Content-Type
image/gif

Redirect headers

Location
https://i6.liadm.com/s/28292?bidder_id=71340&bidder_uuid=k-DJkNSOwuHoplkJMPFJsf4Qkq7HOFd3oOg1qRXA
Date
Tue, 30 Nov 2021 13:05:41 GMT
Connection
keep-alive
trace-id
c25fbcaac2fd4287
Content-Length
0
Strict-Transport-Security
max-age=31536000; includeSubDomains
sp.ui.dialog.js
www.cartabcc.it/_layouts/15/
39 KB
10 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/sp.ui.dialog.js?rev=3Oh2QbaaiXSb7ldu2zd6QQ%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
75c601b64fef79cd7e2992c5f1715697e533e4d46737aef3f2e2980b34c19504
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Jul 2015 11:00:22 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
9454
ETag
"0676a4724bed01:0"
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hIVsS0eV+vg5LfI5gwbdX8dgkkajoOTxjsMVJRMJLOaXcIYWKN2JJdn+Y99kn6XfudYy4SrE5TfmUAf231ClZQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
QvW/OfPAa6yuoV16sY6W5iSkAgJmP1zDAd93J92inJRkljTgoNC3d+EWEOyDe4tu8+YAzGtKNOoZKXn3bmnYHw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
57zaZqaShu7snzVqMy3jm1m42G1rySc1UYS6MLQD2w2IzTevjfjYPyOXThamG22FOkbyn/Q5gbHMgPaCAIZ0Rw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Zeg9AUjPqOLAHXKgpwTo8jkZr2kcgcZ70ZPUB9AmMErj/wjLH+ikHigz65L6kJXkPtFnU1Oq4doz842uAzJwng==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Wl0/JtMkC9IK3jonngXrx10puhSFWXUZdyZSgrdSHmV0UaN+JJtiC2chIQy3fc8U9eVEsJIJEZFOHNp63eieOA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
0cbNmlA3/42sz3hSMQkYnkL2K8aniJxdUE+mXyttd8hUZcxjvmjBSMne68b2n13NAe37P9wyVfPxQUycOsD3zQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jJzZ36yshNfkw/f3ntHTqmrZVSuRBkjyRk+5sntFibcOEoElPDH//U53Xx3tqeSJif1PpnrnXwZ4lvh9xXeoOQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
vHxPJf9QL5U4ytW8ZJxG9wq6jL/6UoyYJq0bIyektesc65VmoWYx0PCpniaEIqBBzYd2LF/Lj9Kdz9pP8i2TfA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
3cOggYtQOTisS66cOd/3A+mtAcPgqQwu4QNugGriWxpuVGNtvKXJizxSfRp0Y1UoQ1ZZ4lWG9bvs/AxSefruwQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hD5R1J5oI72wmpq/FKQenGkJpt1Mg7GfA/ZUvb6EymKK127DlZ3aG8GJAP9sEMatRbJaxID7C91hcIyS0u9Glg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jRiVdbGDQmrvREqHcH4pNtOE3E+Sv9OlnMjXPYjYhs2+VDjgLXRPkpuomWZxFqFXD7FpC84w4ZcVKQk+A4wQHg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
JoP/mIjNbHxM9bpcDqMDlqJkbrVLTKlSl4DQRAh/K/dymm4QtkvmTIqYYVEI0K1a6im0lZT8D5/pfY1gFQUJ9Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
qBKlnfR2pCsy3Waji8JnK225YtUdIKstOjDFizQt0AWqer9mNnafc15MYE4FW/Xbg21zacxZVSOvZp54uR2Xnw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
TKZolLqpoQNrWJoRn98ngUjfLuB/cIvgrWyGKkG6irG4ujvnoCwcIohlQKoKUhenF24aCg79du1suthPJSHNEw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ZwhpP+lxFHunSE65vxdcUCoxQxbLm1hazGNXvE6iVhnG/0Rs3xtMu/IlNYTfaDfJ6PJbDJGZcajzdERsu+EbAQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
pMPc2T0spAD6aBwfCiQ5z/BgectaB8Zhy3bnxGRBte3hsvo18R37TL4j4B/jaFxe23c6JbOEKoCAhCser/1saA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
ZW+98pQAkNywQrEpjgKGKDkTOlXzFxngmiOO5EhnuI9MAgsThjYemtmqL5uZcPsEP0ahe/8eBQV0bN4ibbkVxQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
TtQ7mlgaAgelWqXUkBkYEL6/a0CB6y0nXN3A+KfHZjDxo8VK8+b8YKZyJqaH2IP2magxW3kvddVVGQmQnD/Ltw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
dbKtvC8MQtF9RlInq2HPGxV23E8I0px+zvteggvrf0g8NSs507n0jR7lm1ggP7e5oj8MVHMzjFEaBEHNw9Xbgw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
M8bGHWHv10lVFWdgtQU3bgBdUdlysQk/vamemvGD1Iburq3LzJrm1xr0ca61umAxh2/k/Mf+/2j76rVTwWDyNA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame F7B7
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
qQn1gGlRxH/ODEuBamq0ZErEoW69BTpEDDrc3Z7q6tbDKgLjU8oOsvB6qjhmmV6MgHpWSVl4ihtnsDtZqH8nUw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
c.gif
c.bing.com/ Frame 5C66
42 B
152 B
Image
General
Full URL
https://c.bing.com/c.gif?Red3=CTOMS_pd&cbid=k-QXtFs-wuHoplkJMPFJsf4Qkq7HOVJpaLD8nPRg
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::200 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/ ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:40 GMT
etag
"f95a3e4769d2d71:0"
last-modified
Fri, 05 Nov 2021 17:19:23 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: EB832906038B48C7A8F4C954A0317A7B Ref B: MIL30EDGE0314 Ref C: 2021-11-30T13:05:41Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-type
image/gif
content-length
42
OqOE21UvWe3.png
static.xx.fbcdn.net/rsrc.php/v3/y5/r/ Frame F7B7
400 B
826 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y5/r/OqOE21UvWe3.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
x-content-type-options
nosniff
content-md5
uF0RL4E+h23ClLQmPOTTMw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
400
x-fb-rlafr
0
x-fb-debug
KZlhFD5mXH5FuLYexesbBxvPmBVC2nEKTQeEMsi9K+yIwuMzeEabAzgoX5KTglA3Vr7NJh1nAoom+DQeLO+XCQ==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
expires
Fri, 25 Nov 2022 02:53:11 GMT
RZAsbT6fr_E.js
static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/ Frame F7B7
518 KB
137 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/RZAsbT6fr_E.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/like.php?action=like&app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Dfce2bd9a789eec%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=0&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=standard&locale=it_IT&sdk=joey&share=false&show_faces=false&size=large&width=252
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
20da2267ae5830a4c79483f48586f7c14d98ba433e9ef1e74a9de00bbe4335b4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
OMDUuAybfBaAy1KGsZRcIw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
138803
x-fb-rlafr
0
x-fb-debug
mOXkcNnzZCgmuj4mSz5NPZnqFVZ9uLd8B7zC4hQVkmGZqHJ+pByvihLdO54qCVjmeT9iju7jPoevaoS/JpzUjA==
x-fb-trip-id
686109401
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 20 Nov 2022 00:12:22 GMT
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
AETcqdqTvTenMD7Y2oPx0FdHmuDj/wh5QSUqBw45gsmMZ8ylLS9VAfgovr6oci8jUJH442F/w8+0v2hMrlXP4A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
tglKanxsKk9Tz859vA0oNDZpCPKaUBR3mHTda8dEL4e04KOj34DaGUCbOtM95SFjt/R6hNYTb7lyTP6LDTCZzw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
3Nt4UaNvLuK916FAem9IOiPo0VhKPchBQI56FY8oc9muQYag3Y+Wny7e1mMVz0IvDu1tON+a9hO+rDcgbAUqrQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
SLQK1PvpsxQfCc6LByGQDc53vfNrI2buCqDKpyvsuna2BGZQiUANMcjmkgEoTXlXJaxWdqM/j1hDH7SebM3AOA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
KTnx0aK7VDgMqGedgbM8aA5/S9jSR0tS8S7hRYpvI+aBPBywub///YoomnWZLMJKH8u4zYmx4zaGc2LE/WAw4Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
jf+sDemJGMrqWINCXKhe38hY5xXQjw0AW8ZFEu5wjkTz4Wgj/yQGPgJCyVJhw0CARgaX3m9qBreibUShQIgmQA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
W3TAsrTz1HdcgtU7ewJK82iIjj4PwDk2bHjFXGIvbeqfiOdQlvzSaWo3Z2O2IrbBlkkgwnbTP5K0v7Zrk7mCOg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
VRac6uq24Gmm0zasIsKK3K49CcGBlrbvMdmRFt+OsZTYcAvE+4TLlpD8w6iOtLgK/h3Dw4CxCbbVVP+eB0A9Ig==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
qyedu/BnwpQ7hEGxp25PF7ovGgJ1K4GVTR4o0JAHdPayi5cHl7qo/I4GBVnllIzPDwTM0kxlPy4laVaPAvvmjw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
z4B1HuK3Ej8VuJj/Gj0d5MIaQszqYTTYR317SGdgSsRpPXjSPijWx9j4LRND92VcGx4wJG2NtC2kOyvrKS7hSw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
CrwxIcUSZN3RtPDjC9940azn0BgfWVbdMYrcAsM/CnJAI9pTu6GPnY2Pud8iPvCEQEXn3nBMcHocMqIhmuNrIg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
5QGTS+4sCBIRwjhJMbmwF0grHlK8+k9cYGP82goP0Q/iw0l/pnMgcfEw3XOb7gl8OaBcAR/MROClyInewAMXzQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
34 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
hV71YUT7kuQohcN8kEabJumNOkm8s32oLwN6abXfi0Odtp9Tyn0Aw39QJ7AuQjqvXdBbTHXp1hTBt4ztUQmMHw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
32 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
uEkqXLz4MM1IwANkI3i1EYc6IVGWrrrFj55AdUdmMRBG+0jlBOf+EHdD2zlnfJunwa+7l10Eyqlth/RkkNHRgg==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
yPc4xU0Vop3L32nkdTkZXiGgwBRbL0hT0h+ssfRaIX3fjnk2H0LxvSi2ETJq8+zQlxTtCgzw9OzssWuZoXefGw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
fDit6AQrr5Q4E9980wl1XXBFrd4+FBU/fl+teBtY6d7AMrBw0nWye7JXremVAwlLPOul8RqTsgtMupBIHMNcow==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
2BX4EV8eRA/RTR5Vjz2ocYjr5oForRognukQh0X/pIhuSZKj1dsdj+ur2wBMAtk4RsvowgRucce4EOxiHL6tdw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
30 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
zIbFjshIq9NcVHboynfCm+wGpKe93mSpZme2bLk2Bip3Q3y+nONHPdJ3GEKbATzZHO/AybMBOF/8r8Ye5G597w==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
33 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
+aUcnETjX7oe21kS6nb6W4qJrqFcOOxL3nLTaNR6u25JlIqcATZDAKfNQGBNm/PA6qmTbWHLx3mRCXgCdWwzGA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
32 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
Odn8tyNFpy8b3BLyydOH4L3XL6oY4rdmnQ3GmxXmLfaGkQKa1gwB3/HJ4XneaNxeHgaMmUy5bEdat0gF+0P51Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/csp/reporting/ Frame 2316
0
31 B
Other
General
Full URL
https://www.facebook.com/csp/reporting/?minimize=0
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/Pagine/default.aspx
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Accept-Language
it-IT,it;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36
Content-Type
application/csp-report

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com 'unsafe-eval' *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
x-content-type-options
nosniff
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net;style-src fonts.googleapis.com *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com;font-src data: *.gstatic.com *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com *.tenor.co media.tenor.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net *.giphy.com connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: googleads.g.doubleclick.net cx.atdmt.com www.googleadservices.com *.whatsapp.net *.fb.com *.oculuscdn.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com https://*.giphy.com data:;frame-src *.doubleclick.net *.google.com *.facebook.com www.googleadservices.com *.fbsbx.com fbsbx.com ad.atdmt.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?minimize=0;
report-to
{"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/?minimize=0"}],"group":"coep_report"}
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
content-length
0
x-xss-protection
0
pragma
no-cache
x-fb-debug
NfBvgA1KIJrculxWvYCwblgldpj/2CddnrIlMmFDc0YCDpQ4BjABy3UE4vJgUvjOgVRY8zKA/UlKYKBuFrfv0Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
expires
Sat, 01 Jan 2000 00:00:00 GMT
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
DENY
date
Tue, 30 Nov 2021 13:05:41 GMT
strict-transport-security
max-age=15552000; preload
access-control-allow-methods
OPTIONS
content-type
text/html; charset="utf-8"
access-control-allow-origin
https://www.facebook.com
vary
Origin
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
x-fb-rlafr
0
priority
u=3,i
access-control-expose-headers
X-FB-Debug, X-Loader-Length
/
www.facebook.com/tr/
44 B
88 B
Image
General
Full URL
https://www.facebook.com/tr/?id=185490025453730&ev=Microdata&dl=https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx&rl=&if=false&ts=1638277541388&cd[DataLayer]=%5B%5D&cd[Meta]=%7B%22title%22%3A%22%5Cn%5CtCartaBCC%5Cn%22%2C%22meta%3Adescription%22%3A%22CartaBCChp%22%2C%22meta%3Akeywords%22%3A%22CartaBCChp%22%7D&cd[OpenGraph]=%7B%22og%3Atype%22%3A%22website%22%2C%22og%3Asite_name%22%3A%22Carta%20BCC%22%2C%22og%3Aurl%22%3A%22https%3A%2F%2Fwww.cartabcc.it%2FPagine%2Fdefault.aspx%22%2C%22og%3Atitle%22%3A%22CartaBCC%20Home%20Page%22%2C%22og%3Adescription%22%3A%22La%20home%20page%20del%20Portale%20Carta%20BCC%22%2C%22og%3Aimage%22%3A%22https%3A%2F%2Fwww.cartabcc.it%2FPublishingImages%2FOpenGraph%2FHome.PNG%22%7D&cd[Schema.org]=%5B%5D&cd[JSON-LD]=%5B%5D&sw=1600&sh=1200&v=2.9.48&r=stable&ec=1&o=30&fbp=fb.1.1638277540864.186521636&it=1638277540732&coo=false&es=automatic&tm=3&exp=p0&rqm=GET
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f11c:8083:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
last-modified
Fri, 21 Dec 2012 00:00:01 GMT
server
proxygen-bolt
strict-transport-security
max-age=31536000; includeSubDomains
content-type
image/gif
cache-control
no-cache, must-revalidate, max-age=0
cross-origin-resource-policy
cross-origin
content-length
44
alt-svc
h3=":443"; ma=3600, h3-29=":443"; ma=3600
priority
u=3,i
expires
Tue, 30 Nov 2021 13:05:41 GMT
cookiematch.aspx
dis.criteo.com/dis/rtb/appnexus/ Frame 5C66
Redirect Chain
  • https://secure.adnxs.com/seg?add=130915&redir=https%3A%2F%2Fsecure.adnxs.com%2Fgetuid%3Fhttps%3A%2F%2Fdis.criteo.com%2Fdis%2Frtb%2Fappnexus%2Fcookiematch.aspx%3Fappnxsid%3D%24UID
  • https://secure.adnxs.com/getuid?https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=$UID
  • https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
43 B
342 B
Image
General
Full URL
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
Protocol
H2
Server
178.250.0.163 , France, ASN44788 (ASN-CRITEO-EUROPE, FR),
Reverse DNS
Software
Kestrel /
Resource Hash
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 30 Nov 2021 13:05:41 GMT
content-type
image/gif
server
Kestrel
p3p
CP='NON DSP COR CURa PSA PSD OUR BUS NAV STA'
cache-control
no-cache
cross-origin-resource-policy
cross-origin
server-processing-duration-in-ticks
2250267
timing-allow-origin
*
expires
Mon, 26 Jul 1997 05:00:00 GMT

Redirect headers

Pragma
no-cache
Date
Tue, 30 Nov 2021 13:05:41 GMT
X-Proxy-Origin
82.102.26.70; 82.102.26.70; 729.bm-nginx-loadbalancer.mgmt.ams1; adnxs.com
AN-X-Request-Uuid
f2c2498c-423c-4c46-8251-7fdb1d8dd62c
Server
nginx/1.17.9
Access-Control-Allow-Origin
*
P3P
policyref="http://cdn.adnxs-simple.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
Location
https://dis.criteo.com/dis/rtb/appnexus/cookiematch.aspx?appnxsid=7582044981547839352
Cache-Control
no-store, no-cache, private
Access-Control-Allow-Credentials
true
Connection
keep-alive
Content-Type
text/html; charset=utf-8
Content-Length
0
X-XSS-Protection
0
Expires
Sat, 15 Nov 2008 16:00:00 GMT
ps3LEjFUMch.png
static.xx.fbcdn.net/rsrc.php/v3/y4/r/ Frame 2316
441 B
494 B
Image
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3/y4/r/ps3LEjFUMch.png
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
x-content-type-options
nosniff
content-md5
bIdClDVUx2JypSkH1jl0jQ==
document-policy
force-load-at-top
content-security-policy-report-only
default-src fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com data: blob: 'unsafe-inline' 'unsafe-eval';report-uri https://www.xx.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
441
x-fb-rlafr
0
x-fb-debug
W9vNT3PUOEmt0xNWAQoktM3S7Q7wpBgh3DX63BFVSoX9YXA8hXoPXFUb3NRpYc/0KUaEB7AghxXmKs2bwsU7qA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
content-type
image/png
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Fri, 25 Nov 2022 04:50:36 GMT
RZAsbT6fr_E.js
static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/ Frame 2316
518 KB
136 KB
Script
General
Full URL
https://static.xx.fbcdn.net/rsrc.php/v3ivWx4/yh/l/it_IT/RZAsbT6fr_E.js?_nc_x=Ij3Wp8lg5Kz
Requested by
Host: www.facebook.com
URL: https://www.facebook.com/plugins/share_button.php?app_id=120834568001752&channel=https%3A%2F%2Fstaticxx.facebook.com%2Fx%2Fconnect%2Fxd_arbiter%2F%3Fversion%3D46%23cb%3Df1dd34d279ea5f%26domain%3Dwww.cartabcc.it%26is_canvas%3Dfalse%26origin%3Dhttps%253A%252F%252Fwww.cartabcc.it%252Ff24e9dcef116488%26relation%3Dparent.parent&container_width=207&href=https%3A%2F%2Fwww.facebook.com%2FCartaBcc&layout=button&locale=it_IT&mobile_iframe=false&sdk=joey&size=large
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2a03:2880:f01c:216:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
20da2267ae5830a4c79483f48586f7c14d98ba433e9ef1e74a9de00bbe4335b4
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.facebook.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
content-encoding
br
x-content-type-options
nosniff
content-md5
OMDUuAybfBaAy1KGsZRcIw==
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* attachment.fbsbx.com blob: *.cdninstagram.com 'self' wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d-test.facebook.com/ wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster:;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net;worker-src blob: *.facebook.com data:;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=3600,h3-29=":443"; ma=3600
content-length
138803
x-fb-rlafr
0
x-fb-debug
mOXkcNnzZCgmuj4mSz5NPZnqFVZ9uLd8B7zC4hQVkmGZqHJ+pByvihLdO54qCVjmeT9iju7jPoevaoS/JpzUjA==
last-modified
Mon, 01 Jan 2001 08:00:00 GMT
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
timing-allow-origin
*
priority
u=3,i
expires
Sun, 20 Nov 2022 00:12:22 GMT
sp.runtime.js
www.cartabcc.it/_layouts/15/
109 KB
23 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/sp.runtime.js?rev=5f2WkYJoaxlIRdwUeg4WEg%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
462bc67f383c00cd2f09afa83f4ab70ad9ece0e14310a0e1c381a902db6ee2ce
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Thu, 23 Jan 2014 06:06:06 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
22581
ETag
"0dbca33118cf1:0"
sync
ups.analytics.yahoo.com/ups/55945/ Frame 5C66
Redirect Chain
  • https://pixel.advertising.com/ups/55945/sync?uid=k-oh8PP-wuHoplkJMPFJsf4Qkq7HMquw0LTP28Jg&_origin=1
  • https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-oh8PP-wuHoplkJMPFJsf4Qkq7HMquw0LTP28Jg&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
0
20 B
Image
General
Full URL
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-oh8PP-wuHoplkJMPFJsf4Qkq7HMquw0LTP28Jg&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
Protocol
H2
Server
18.156.0.31 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-156-0-31.eu-central-1.compute.amazonaws.com
Software
ATS/9.1.0.33 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

date
Tue, 30 Nov 2021 13:05:41 GMT
server
ATS/9.1.0.33
age
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV

Redirect headers

location
https://ups.analytics.yahoo.com/ups/55945/sync?uid=k-oh8PP-wuHoplkJMPFJsf4Qkq7HMquw0LTP28Jg&_origin=1&apid=UP389e7163-51de-11ec-8c54-022e3a216146
date
Tue, 30 Nov 2021 13:05:41 GMT
content-length
0
strict-transport-security
max-age=31536000
p3p
CP=NOI DSP COR LAW CURa DEVa TAIa PSAa PSDa OUR BUS UNI COM NAV
sp.js
www.cartabcc.it/_layouts/15/
611 KB
77 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/sp.js?rev=PuStxsNvcWcF1LKgj8CisA%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
687d5823bd2024aea8f7a887a96f0a5bc17a9ea94e4bc4f803df57ba0510dc2e
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Tue, 14 Sep 2021 16:19:44 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
78870
ETag
"010f45384a9d71:0"
inplview.js
www.cartabcc.it/_layouts/15/
68 KB
20 KB
Script
General
Full URL
https://www.cartabcc.it/_layouts/15/inplview.js?rev=iMf5THfqukSYut7sl9HwUg%3D%3D
Requested by
Host: www.cartabcc.it
URL: https://www.cartabcc.it/_layouts/15/init.js?rev=AS%2Bv0UYCkcLYkV95cqJXGA%3D%3D
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
149.154.92.61 Sesto San Giovanni, Italy, ASN57144 (ICCREA-AS, IT),
Reverse DNS
Software
Microsoft-IIS/8.5 / ASP.NET
Resource Hash
0f4a284e4e5fc437bbf0aa321373d29447fc580592a85721775a9f001df3a9a6
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Accept-Language
it-IT,it;q=0.9
Referer
https://www.cartabcc.it/Pagine/default.aspx
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.45 Safari/537.36

Response headers

Date
Tue, 30 Nov 2021 13:05:41 GMT
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Last-Modified
Sat, 23 Feb 2019 15:05:24 GMT
Server
Microsoft-IIS/8.5
MicrosoftSharePointTeamServices
15.0.0.4719
X-MS-InvokeApp
1; RequireReadOnly
X-Powered-By
ASP.NET
Vary
Accept-Encoding
Content-Type
application/javascript
X-XSS-Protection
1
Cache-Control
max-age=31536000
Accept-Ranges
bytes
Content-Length
19583
ETag
"092c33389cbd41:0"

Verdicts & Comments Add Verdict or Comment

2491 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| 7 object| 8 object| 9 object| 10 object| 11 object| 12 object| 13 object| 14 object| 15 object| 16 object| 17 object| 18 object| 19 object| onbeforexrselect function| reportError boolean| originAgentCluster object| scheduler string| cUrl function| gtag object| dataLayer function| tracciamentoAnalytics object| google_tag_manager object| google_tag_data object| gaGlobal function| $_global_init object| currentCtx object| ctx object| itemTable object| g_supportFiles undefined| g_MDNav object| ULS function| ULSObject function| ULSTrim function| ULSEncodeXML function| ULSStripPII function| ULSGetFunction function| ULSGetMetadataFromFrame function| ULSGetCallstack function| ULSGetClientInfo function| ULSHandleWebServiceResponse function| ULSFinishErrorHandling function| ULSGetWebServiceUrl function| ULSUploadReport function| ULSSendReport function| ULSSendExceptionImpl function| ULSOnError function| ULSSendException object| ULSCat function| GetXMLHttpRequestObject function| insertAdjacentElement function| insertAdjacentHTML function| insertAdjacentText function| contains function| getFirstElementByName function| getFirstElementByProperty function| documentGetElementsByName function| getFirstChild function| Browseris object| browseris object| bis function| byid function| newE function| wpf function| startReplacement function| SetEvent function| AttachEvent function| DetachEvent function| CancelEvent function| GetEventSrcElement function| GetEventKeyCode function| GetInnerText object| g_cde function| GetCachedElement function| $dg number| UTF8_1ST_OF_2 number| UTF8_1ST_OF_3 number| UTF8_1ST_OF_4 number| UTF8_TRAIL number| HIGH_SURROGATE_BITS number| LOW_SURROGATE_BITS number| SURROGATE_6_BIT number| SURROGATE_ID_BITS number| SURROGATE_OFFSET function| escapeProperlyCoreCore function| escapeProperly function| escapeProperlyCore function| escapeUrlForCallback function| IsSTSPageUrlValid function| PageUrlValidation function| SelectRibbonTab function| FV4UI function| GoToHistoryLink function| GetGotoLinkUrl function| GoToLink function| GoToLinkOrDialogNewWindow function| GoToDiscussion function| GetCurrentEltStyle function| InsertNodeAfter function| EEDecodeSpecialChars function| ShowAttachmentRows function| PreventDefaultNavigation function| cancelDefault function| IsArray function| IsNullOrUndefined function| SetOpacity function| GetOpacity object| XUIHtml function| SP_JSONParse function| DeferCall object| LegalUrlChars function| AdmBuildParam function| IndexOfIllegalCharInUrlLeafName function| IndexOfIllegalCharInUrlPath function| UrlContainsIllegalStrings function| UrlLeafNameValidate function| UrlPathValidate function| IsCheckBoxListSelected function| STSValidatorEnable function| encodeScriptQuote function| STSHtmlEncode function| STSHtmlDecode function| StAttrQuote function| STSScriptEncode function| STSScriptEncodeWithQuote number| recycleBinEnabled string| cascadeDeleteWarningMessage boolean| bIsFileDialogView object| g_ViewIdToViewCounterMap object| g_ctxDict function| NotifyBrowserOfAsyncUpdate function| IsSafeHrefAlert function| UpdateAccessibilityUI function| SetIsAccessibilityFeatureEnabled function| DeleteCookie function| GetCookie function| GetCookieEx function| SetCookie function| SetCookieEx function| IsAccessibilityFeatureEnabled function| escapeForSync object| g_rgdwchMinEncoded function| Vutf8ToUnicode function| unescapeProperlyInternal function| unescapeProperly function| navigateMailToLink function| navigateMailToLinkWithMessage function| newBlogPostOnClient function| GetUrlFromWebUrlAndWebRelativeUrl object| g_updateFormDigestPageLoaded function| UpdateFormDigest function| IsSupportedFirefoxOnWin function| IsSupportedChromeOnWin function| IsSupportedNPApiBrowserOnWin function| IsNPAPIOnWinPluginInstalled function| CreateNPApiOnWindowsPlugin function| IsSupportedMacBrowser function| IsBrowserPluginInstalled function| IsMacPluginInstalled function| CreateMacPlugin undefined| g_objStssync function| GetStssyncHandler function| GetStssyncData function| GetStssyncAppName function| makeAbsUrl function| ExportHailStorm undefined| g_objDiagramLaunch function| GetDiagramLaunchInstalled object| g_objProjectTaskLaunch function| GetProjectTaskLaunchInstalled object| g_expDatabase function| GetDataBaseInstalled object| g_ssImporterObj boolean| g_fSSImporter function| EnsureSSImportInner function| EnsureSSImporter function| GetThemedImageUrl function| GetThemedLocalizedImageUrl function| GetThemedImageUrl_Core function| GetImageUrlWithRevision function| ShowHideSection function| ShowSection function| ShowHideInputFormSection function| ShowHideInputFormControl function| HideMenuControl function| SetControlDisabledStatus function| SetControlDisabledStatusRecursively function| SetChildControlsDisabledStatus undefined| g_PNGImageIds undefined| g_PNGImageSources function| displayPNGImage function| ProcessPNGImages function| CtxSetIsWebEditorPreview function| CtxSetCurrentUserId function| CtxSetIsForceCheckout function| BasePermissions number| CTXTYPE_EDITMENU number| CTXTYPE_VIEWSELECTOR function| ContextInfo function| ctxInitItemState function| STSPageUrlValidation function| GetSource function| GetSecuredSource function| GetUrlKeyValue function| LoginAsAnother function| isPortalTemplatePage function| CLVPFromEvent function| STSNavigateToView function| STSNavigate2 function| STSNavigateTop function| STSNavigate function| GoToPage function| TrimSpaces function| TrimWhiteSpaces function| GetAttributeFromItemTable function| ShowMtgNavigatorPane function| HideMtgNavigatorPane function| HideMtgDesc function| GetMultipleUploadEnabled function| SetUploadPageTitle function| GetSelectedValue function| GetSelectedText function| MtgShowTimeZone function| FormatDate function| GetAlertText function| retrieveCurrentThemeLink function| StBuildParam object| JSRequest string| ExpGroupWPListName string| ExpGroupCookiePrefix string| ExpGroupCookieDelimiter number| ExpGroupMaxWP number| ExpGroupMaxCookieLength object| g_ExpGroupCAMLQueue object| g_ExpGroupXSLTQueue boolean| g_ExpGroupInProgress boolean| g_ExpInitializing object| g_ExpGroupTable boolean| g_ExpGroupNeedsState boolean| g_ExpGroupParseStage function| ExpCollGroup function| ExpGroupFetchData function| ExpGroupCallServer function| DoPagingCallback function| ExpGroupReceiveData function| ExpGroupRenderData undefined| titlTbody function| ExpGroupFetchGroupString function| ExpGroupFetchWebPartID function| RenderActiveX function| RenderActiveX2 function| OnItem function| OnChildItem function| OnLink function| MMU_PopMenuIfShowing function| OnMouseOverFilter function| OnChildColumn function| MMU_EcbTableMouseOverOut function| OnMouseOverAdHocFilter function| MMU_EcbLinkOnFocusBlur function| GetElementByClassName function| AddWhiteBG function| RemoveWhiteBG boolean| locked function| LockBG object| CSSUtil undefined| searcharea undefined| searchbox undefined| searchimage undefined| whitebgclass function| InitSearchBoxStyleEvents function| IsFullNameDefined function| TypeofFullName object| _v_dictSod object| Sods object| _v_qsod object| _v_sodctx function| Sod function| UrlToSod function| ResetSodState function| RegisterSod function| RegisterSodDep function| LoadSodByKey function| LoadSodByKeySync function| LoadMultipleSods object| g_PendingLoadSodQueue function| IsSodLoaded function| LoadSod function| LoadPendingSods function| LoadSodInternal function| GetOnLoad function| NotifyOnLoad function| EnsureScript function| EnsureScriptFunc function| EnsureScriptParams function| NormalizeSodKey function| ArrayIndexOf function| SodCloneEvent function| SodDispatchEvent function| AddTabHeadHandler function| LoadWPAdderOnDemand function| showSaveConflictDialog function| ClkElmt function| EnsureSelectionHandlerOnFocus function| EnsureSelectionHandler function| StopEvt function| FFGetElementsById function| GetElementsByName function| AddEvtHandler function| RemoveEvtHandler function| HideListViewRows function| resetSelectAllCbx function| getSelectAllCbxFromTable function| WpClick function| WpKeyUp function| WzClick function| WpCbxSelect function| WpCbxKeyHandler function| PopoutMenuMaybeSwapImage function| PopoutMenuMaybeSwapImageClustered function| SwapImage function| SwapImageInternal function| GetViewportHeight function| GetViewportWidth number| g_viewportHeight number| g_viewportWidth number| g_wpadderHeight boolean| g_setWidth boolean| g_setWidthInited object| g_workspaceResizedHandlers boolean| g_setScrollPos boolean| g_frl function| FixRibbonAndWorkspaceDimensionsForResize function| FixRibbonAndWorkspaceDimensions function| CallWorkspaceResizedEventHandlers function| RibbonIsMinimized object| g_spribbon function| OnRibbonMinimizedChanged function| PreRibbonTabSwitched function| CatchCreateError function| ExpandBody function| CollapseBody function| ShowQuotedText function| HideQuotedText function| GetSelectedItemsDict function| ClearSelectedItemsDict function| RemoveOnlyPagingArgs function| RemovePagingArgs object| v_stsOpenDoc2 object| v_strStsOpenDoc2 function| StsOpenEnsureEx2 function| StURLSetVar2 function| RemoveQueryParameterFromUrl function| HasValidUrlPrefix function| AbsLeft function| AbsTop function| GetEventCoords function| IsLeavingObject number| deleteInstance function| DeleteItemConfirmation function| DeleteInstanceConfirmation function| CancelMultiPageConfirmation function| RestoreItemVersionConfirmation function| DeleteItemVersionConfirmation function| DeleteUserInfoItemConfirmation function| UnlinkCopyConfirmation function| SupportsNavigateHttpFolder function| MtgDeletePageConfirm function| IsImgLibJssLoaded function| GetFirstChildElement function| TestGCObject function| MMU_GetMenuFromClientId function| MMU_EcbLinkOnKeyDown boolean| firstCalled boolean| _callbackinitdelayed function| DeferWebFormInitCallback boolean| fRightToLeft function| _ribbonShouldFixRtlHeaders object| g_spDragDropUpload function| WPQRegisterDragDropUpload function| SPDragUploadInfo object| g_QuickLaunchControlIds function| _registerCommonComponents function| ExecuteAndRegisterBeginEndFunctions function| RegisterBeginEndFunctions function| RegisterModuleInit function| SetElementStyle function| RemoveCachingParamsFromUrl function| registerCssLink function| GetAbsoluteUrl function| _registerCssLink function| replacePlaceholderElement function| pxToNum function| fIsNullOrUndefined function| IsStrNullOrEmpty function| bindArguments function| OpenSuiteLinksJson object| IMNControlObj boolean| bIMNControlInited object| IMNDictionaryObj boolean| bIMNSorted boolean| bIMNOnloadAttached object| IMNOrigScrollFunc boolean| bIMNInScrollFunc object| IMNSortableObj object| IMNHeaderObj object| IMNNameDictionaryObj object| IMNShowOfflineObj function| GetCurrentEvent function| GetEventTarget function| EnsureIMNControl function| DiscardIMNControl function| IMNImageInfo_InitializePrototype function| IMNImageInfo function| IMNGetStatusImage function| IMNGetHeaderImage function| IMNIsOnlineState function| IMNSortList function| IMNOnStatusChange function| IMNUpdateImageClassPrefix function| IMNUpdateImage function| IMNHandleAccelerator function| IMNImageOnClick function| IMNGetOOUILocation function| IMNShowOOUIMouse function| IMNShowOOUIKyb function| IMNShowOOUI function| IMNHideOOUI function| IMNScroll number| imnCount object| imnElems number| imnElemsCount number| imnMarkerBatchSize number| imnMarkerBatchDelay function| ProcessImn function| ClientCanHandleImn function| RemoveImnAnchors function| ProcessImnMarkers function| IMNRC function| IsImnAnchor function| SetImnOnClickHandler function| IMNImageOnClickHandler function| IMNSortTable function| IMNRegisterHeader object| _spBodyOnLoadFunctionNames object| _spBodyOnLoadFunctions boolean| _spBodyOnLoadCalled string| _spOriginalFormAction string| _spEscapedFormAction boolean| _spFormOnSubmitCalled boolean| _spBodyOnPageShowRegistered function| _spBodyOnPageShow function| _spResetFormOnSubmitCalledFlag function| _ribbonReadyForInit function| _spBodyOnLoadWrapperInit function| _spBodyOnLoadWrapper number| g_numberOfYields function| _spDelayAfterAllScripts function| _spYield function| _spTrace object| g_spPreFetchKeys function| _spPreFetch boolean| _spSuppressFormOnSubmitWrapper function| _spFormOnSubmitWrapper object| _inlineEditString boolean| _spPageLoadedRegistered function| _spPageLoaded function| InlineEditSetDefaultFocus function| focusControl function| EscapeFormAction function| RefreshHeroButtonState function| RefreshInplViewState function| RestoreToOriginalFormAction function| DefaultFocus boolean| g_fAnimateListCSR function| ProcessDefaultOnLoad function| ProcessOnLoadFunctionNames function| ProcessOnLoadFunctions function| CoreInvoke function| _bodyOnHashChangeHandler object| DeveloperDashboard function| ToggleDeveloperDashboard function| ddFail function| ddIsWndValid function| ddResetState function| ddCloseWindow function| ddOpenWindow function| ddAdoptWindow function| ddGetWindow function| ddAttachToWindow function| ddHandshake function| ddResetHandshake function| ddInit function| CScope function| ddCScopeSet function| ddCScopeReset function| ddToggleCScope boolean| flyoutsAllowed function| enableFlyoutsAfterDelay function| overrideMenu_HoverStatic function| delayMenu_HoverStatic object| g_ExecuteOrWaitJobs function| ExecuteOrDelayUntilEventNotified function| DelayUntilEventNotified function| NotifyEventAndExecuteWaitingJobs function| ExecuteOrDelayUntilScriptLoaded function| NotifyScriptLoadedAndExecuteWaitingJobs function| ExecuteOrDelayUntilBodyLoaded function| NotifyBodyLoadedAndExecuteWaitingJobs function| FFClick function| _spOnSilverlightError function| _spSetSLPluginNotLoadedErrorMessage function| _spSetSLErrorMessage object| cuiKeyHash function| _processKeyCodes undefined| g_fhs function| _ribbonScaleHeader function| _ribbonNeedsHeaderScaling function| _ribbonChildNodesWrapped function| _ribbonElementsWrap function| _ribbonGetScaleStep function| _ribbonSetScaleStep function| _ribbonHeaderScaleDown function| _ribbonHeaderScaleUp object| g_ribbonHeaderScaleClass function| _ribbonHeaderScaleIndex function| _ribbonFixHeaderWidth function| _ribbonCalculateWidth function| SPRibbonInfo function| _ribbonOnStartInit object| StatusIdWithTopPriority object| StatusColorWithTopPriority object| StatusPriority object| StatusBarClassNames function| getStatusTitle number| g_uniqueIndex function| getUniqueIndex function| addStatus function| appendStatus function| initPromotionBar function| _createStatusMarkup function| removeAllStatus function| setStatusPriColor function| _selectStatusWithTopPriority function| updateStatus function| removeStatus number| c_defaultSuiteDataVersion function| SuiteNavRenderingOptions function| RenderSuiteNav function| LinkData function| SuiteNavData function| SuiteData function| IsEmptyArray function| RemoveEmptyArraysFromSuiteNavData function| MakeSuiteNavDataLoader function| WithSuiteNavData object| BrowserStorage function| StorageObject function| CachedStorage string| _testKey string| _testValue function| TestStorage object| _local object| _session string| c_strUndefined string| key_Date string| key_Language string| key_LinksJson string| key_MySiteLinks string| key_SuiteNavHeight string| key_UserKey string| key_LinksCached function| GetPageContextInfoValueOrNull function| SuiteNavCommonGetCurrentUserKey function| SuiteNavCommonGetCurrentUICultureOrNone function| GetCachedJsonIfValid function| ExtractSuiteMetadata function| ExtractSuiteProperty function| ExtractSuiteVersion function| ExtractIsMobile function| ExtractSuiteLinks function| ExtractSuiteNavBarData function| SuiteNavCommonGetSuiteLinks function| SuiteNavCommonCacheSuiteLinks function| SuiteNavCommonClearSuiteLinksCache function| RequestHeader object| _restHeaders function| WithRestValue function| WithUrlContents function| WithLoadedXMLHttpRequest object| g_dlgWndTop boolean| g_spDlgLauncher number| g_ModalDialogCount undefined| g_overlayPopup undefined| g_childDialog function| _dlgWndTop function| commonShowModalDialog function| invokeModalDialogCallback function| setModalDialogReturnValue function| setModalDialogObjectReturnValue function| CommonGlobalDialogReturnValue_InitializePrototype function| CommonGlobalDialogReturnValue object| commonModalDialogReturnValue function| commonModalDialogOpen function| commonModalDialogClose function| commonModalDialogGetArguments function| ShowPopupDialog function| ShowPopupDialogWithCallback function| PopupDialogCallback function| SelectField function| FilterField function| SetControlValue function| SubmitFormPost function| GoToPageRelative function| EnterFolder function| HandleFolder function| VerifyFolderHref function| VerifyHref function| DispEx function| EditItemWithCheckoutAlert function| STSNavigateWithCheckoutAlert function| NewItem2 function| NewItem function| EditItem2 function| EditItem function| RefreshPageTo function| AddGroupToCookie function| RemoveGroupFromCookie function| ExpGroupBy function| DispDocItem function| DispDocItemExWithServerRedirect function| DispDocItemEx function| PortalPinToMyPage function| MoveToViewDate function| MoveToDate function| ClickDay function| GetMonthView function| OptLoseFocus function| SetCtrlFromOpt function| ChangeLayoutMode function| MSOLayout_ChangeLayoutMode function| WebPartMenuKeyboardClick function| ShowToolPane2Wrapper function| EditInSPD function| SetupFixedWidthWebParts function| ToggleAllItems function| CommandUIExecuteCommand function| PopMenuFromChevron function| ListHeaderMenu_OnMouseDown function| NavigateToSubNewAspx function| NavigateToManagePermsPage function| DoNavigateToTemplateGallery function| RefreshPage function| OpenPopUpPage function| OpenCreateWebPageDialog function| EditLink2 function| GoBack function| ReplyItem function| ExportToDatabase function| ExportList function| ClearSearchTerm function| SubmitSearchForView function| SubmitSearchRedirect function| AlertAndSetFocus function| AlertAndSetFocusForDropdown function| AddSilverlightWebPart function| UserSelectionOnClick function| OnIframeLoad function| OnFocusFilter function| TopHelpButtonClick function| HelpWindowKey function| HelpWindowUrl function| HelpWindow function| ToggleFullScreenMode function| OnClickFilter function| GCActivateAndFocus function| GCNavigateToNonGridPage function| AjaxNavigate$WantsNewTab function| AjaxNavigate$OnClickHook function| AjaxNavigate$add_navigate function| AjaxNavigate$remove_navigate function| AjaxNavigate$_parseParams function| AjaxNavigate$_GetWindowLocationHash function| AjaxNavigate$_GetWindowLocationNoHash function| RemoveMDSQueryParametersFromUrl function| GetUrlFromMDSLocation function| AjaxNavigate$_UrlFromHashBag function| AjaxNavigate$_buildHashBag function| AjaxNavigate$parseHash function| AjaxNavigate$_raiseNavigate function| AjaxNavigate$_getParam function| AjaxNavigate$_normalizeFormAction function| AjaxNavigate$_getSavedFormAction function| AjaxNavigate$submit function| AjaxNavigate$_getAjaxLocationWindow function| AjaxNavigate$combineURL function| AjaxNavigate$isMDSURL function| AjaxNavigate$convertRegularURLtoMDSURL function| AjaxNavigate$convertMDSURLtoRegularURL function| AjaxNavigate$get_href function| AjaxNavigate$get_hash function| AjaxNavigate$get_search function| AjaxNavigate$update function| AjaxNavigate$_fixLayoutsUrl function| AjaxNavigate$_clear function| AjaxNavigate object| ajaxNavigate function| _spBodyOnHashChange function| URI function| setInnerText function| _EnsureJSClassOrNamespace function| _EnsureJSNamespace function| _EnsureJSClass number| g_prefetch boolean| g_ribbonImagePrefetch function| AllowCSSFiltersOnIE8 function| notifyScriptsLoadedAndExecuteWaitingJobs boolean| initJsLoaded object| SP object| Strings function| $_global_clienttemplates object| SPClientRenderer function| CallFunctionWithErrorHandling function| CoreRender function| CoreRenderWorker function| GetViewHash function| RenderAsyncDataLoad function| RenderCallbackFailures function| AsyncDataLoadPostRender function| AddPostRenderCallback function| AddPostRenderCallbackUnique function| AddRenderCallback object| clientHierarchyManagers function| OnExpandCollapseButtonClick function| GetClientHierarchyManagerForWebpart function| ClientHierarchyManager function| EnterIPEAndDoAction function| IndentItems function| OutdentItems function| InsertProvisionalItem function| MoveItemsUp function| MoveItemsDown function| CreateSubItem function| IsTouchSupported function| RenderListView object| SPClientTemplates function| SPTemplateManagerResolveTypeInfo function| SPTemplateManagerResolveTypeInfo_InitializePrototype function| SPTemplateManagerRegisterTypeInfo function| SPTemplateManagerRegisterTypeInfo_InitializePrototype function| IsCSRReadOnlyTabularView function| SPClientFormUserValue function| SPClientFormUserValue_InitializePrototype function| RenderViewTemplate function| RenderFieldValueDefault function| RenderBodyTemplate function| RenderGroupTemplateDefault function| RenderItemTemplateDefault function| RenderFieldTemplateDefault function| RenderAggregate function| RenderGroupTemplate function| RenderGroup function| RenderGroupEx function| AddGroupBody function| GenerateIID function| GenerateIIDForListItem function| GetCSSClassForFieldTd function| DoesListUseCallout function| ShowCallOutOrECBWrapper function| RenderItemTemplate function| RenderTableHeader function| RenderSelectAllCbx function| RenderHeaderTemplate function| RenderFooterTemplate function| RenderViewSelectorMenu function| RenderViewSelectorPivotMenu function| RenderViewSelectorPivotMenuAsync function| OpenViewSelectorPivotOptions function| RenderEmptyText function| RenderSearchStatus function| RenderSearchStatusInner function| RenderPaging function| RenderPagingControlNew function| RenderHeroParameters function| RenderHeroParameters_InitializePrototype function| RenderHeroLink function| RenderHeroAddNewLink function| ShouldRenderHeroButton function| CanUploadFile function| RenderHeroButton function| DocumentInformation string| c_newdocWOPIID string| c_newDocDivHtml string| c_onClickCreateDoc number| c_newDocCalloutWidth object| NewDocumentInfo function| InitializeNewDocumentInfo function| NewDocumentCallout_OnOpenedCallback function| CreateNewDocumentCallout function| GetNewDocumentCalloutMainID function| TryLaunchExcelForm function| RenderNewDocumentCallout function| RenderNewFolderUrl function| addWPQtoId function| DisplayErrorDialog function| RenderTitle function| CreateItemPropertiesTitleUrl function| ariaLabelForFolder function| ariaLabelForFile function| LinkTitleValue function| HasEditPermission object| ComputedFieldWorker function| ComputedFieldRenderer_InitializePrototype function| ComputedFieldRenderer function| ComputedFieldRenderField function| RenderCalloutAffordance function| RenderECB function| RenderECBinline function| calloutCreateAjaxMenu object| g_lastLaunchPointIIDClicked function| OpenCallout function| RenderCalloutMenu function| findIIDInAncestorNode object| usedCalloutIDs function| generateUniqueCalloutIDFromBaseID function| GetCalloutElementIDFromCallout function| GetCalloutElementIDFromRenderCtx function| GetCalloutFromRenderCtx string| CALLOUT_STR_ELLIPSIS number| CALLOUT_ELLIPSIS_LENGTH number| CALLOUT_CHARS_TO_TRUNCATE_PER_ITERATION function| displayTruncatedString function| displayTruncatedLocation function| displayTruncatedUrl function| CalloutRenderViewTemplate object| g_ClipboardControl boolean| g_IsClipboardControlValid function| EnsureClipboardControl function| GetClientAppNameFromMapApp function| CopyToClipboard function| CalloutRenderHeaderTemplate function| CalloutRenderFooterTemplate function| CalloutRenderFooterArea function| GetCallOutOpenText function| CalloutOnPostRenderTemplate function| CalloutRenderBodyTemplate function| isPositiveInteger function| createOneTimeCallback function| EnableSharingDialogIfNeeded function| CalloutRenderFilePreview function| GetCalloutSharingStatusDivId function| CalloutRenderSharingStatus function| CalloutPostRenderSharingStatus function| CalloutRenderSection function| CalloutRenderSharingStatusDiv function| CalloutRenderLastModifiedInfo function| CalloutRenderSourceUrl function| CalloutRenderItemTemplate function| getItemIDFromIID function| getItemIdxByID function| permMaskContains function| getCtxFromCtxNum function| getViewCtxFromCalloutCtx function| smartOpenFileOrFolderFromHref function| CalloutAction_Open_OnClick function| CalloutAction_Share_OnClick function| DisplaySharingDialogForListItem function| CalloutAction_Share_IsVisible function| safeTruncateString function| safeTruncateStringFromStart function| getHostUrl function| isDefinedAndNotNullOrEmpty function| EnsureFileLeafRefName function| EnsureFileLeafRefSuffix function| EnsureFileDirRef function| getDocumentIconAbsoluteUrl function| displayGenericDocumentIcon function| Callout_OnOpeningCallback function| GenerateCtx function| EncodeUrl function| RenderUrl function| ResolveId function| EditRequiresCheckout function| AppendAdditionalQueryStringToFolderUrl function| FolderUrl function| RenderListFolderLink function| RenderDocFolderLink function| FieldRenderer_InitializePrototype function| FieldRenderer function| FieldRendererRenderField function| RawFieldRenderer_InitializePrototype function| RawFieldRenderer function| RawFieldRendererRenderField function| AttachmentFieldRenderer_InitializePrototype function| AttachmentFieldRenderer function| AttachmentFieldRendererRenderField function| RecurrenceFieldRenderer_InitializePrototype function| RecurrenceFieldRenderer function| RecurrenceFieldRendererRenderField function| ProjectLinkFieldRenderer_InitializePrototype function| ProjectLinkFieldRenderer function| ProjectLinkFieldRendererRenderField function| AllDayEventFieldRenderer_InitializePrototype function| AllDayEventFieldRenderer function| AllDayEventFieldRendererRenderField function| NumberFieldRenderer_InitializePrototype function| NumberFieldRenderer function| NumberFieldRendererRenderField function| BusinessDataFieldRenderer_InitializePrototype function| BusinessDataFieldRenderer function| BusinessDataFieldRendererRenderField function| DateTimeFieldRenderer_InitializePrototype function| DateTimeFieldRenderer function| DateTimeFieldRendererRenderField function| GetRelativeDateTimeString function| GetLocalizedCountValue function| GetDaysAfterToday function| TextFieldRenderer_InitializePrototype function| TextFieldRenderer function| TextFieldRendererRenderField function| LookupFieldRenderer_InitializePrototype function| LookupFieldRenderer function| LookupFieldRendererRenderField function| NoteFieldRenderer_InitializePrototype function| NoteFieldRenderer function| NoteFieldRendererRenderField function| UrlFieldRenderer_InitializePrototype function| UrlFieldRenderer function| UrlFieldRendererRenderField function| UserFieldRenderer_InitializePrototype function| UserFieldRenderer number| s_ImnId function| UserFieldRendererRenderField function| RenderUserFieldWorker function| RenderAndRegisterHierarchyItem function| OnPostRenderTabularListView function| OnPostRenderTabularListViewDelayed function| ListHeaderTouchHandler function| SPMgr object| spMgr function| OnTableMouseDown function| FHasRowHoverBehavior function| InitializeSingleItemPictureView function| SingleItem_RenderHeaderTemplate function| SingleItem_RenderFooterTemplate function| RenderSingleItemTopPagingControl function| SingleItem_RenderItemTemplate function| SingleItem_RenderItem function| GetRelativeUrlToSlideShowView function| IsPictureFile function| GetPictureUrl function| ToggleMaxWidth function| ClientPivotControl function| ClientPivotControlExpandOverflowMenu function| ClientPivotControl_InitStandaloneControlWrapper function| ClientPivotControlMenuItem function| ClientPivotControlMenuOption function| ClientPivotControlMenuSeparator function| ClientPivotControlMenuCheckOption function| $ function| jQuery function| AllWorldFunction function| CookieCBCC function| CookieCBCCTis function| positionPageMenu function| setMenu function| mainmenuMobile boolean| callRTO function| RTOCaller function| ItemCBCCManager function| TemplateManager function| TemplateManagerWithHF function| TemplateReplace function| TemplateOnlyBefore function| TemplateOnlyAfter function| TemplateAppendTo function| TemplatePrependTo function| TemplateAfter function| TemplateBefore function| Sys$Enum$parse function| Sys$Enum$toString function| Sys$Component$_setProperties function| Sys$Component$_setReferences function| $create function| $addHandler function| $addHandlers function| $clearHandlers function| $removeHandler function| $get function| $find function| Type object| Sys object| _events function| ULSaew string| carteDiCreditoElems function| TemplatePrivatiMenu_CarteDiCredito function| customItem_Privati_CarteDiCredito string| carteDiDebitoElems function| TemplatePrivatiMenu_CarteDiDebito function| customItem_Privati_CarteDiDebito string| cartePrepagateElems function| TemplatePrivatiMenu_CartePrepagate function| customItem_Privati_CartePrepagate string| az_CarteDiCretidoElems function| TemplateAziendeMenu_CarteDiCredito function| customItem_Aziende_CarteDiCredito string| az_CartePrepagateElems function| TemplateAziendeMenu_CartePrepagate function| customItem_Aziende_CartePrepagate string| az_CarteBccPosElems function| TemplateAziendeMenu_CarteBccPos function| customItem_Aziende_CarteBccPos string| vantaggiElems string| sicurezzaElems string| controlloElems function| TemplateVantaggiHome function| customItemVantaggi function| GetAnchor function| TemplateTopSlider function| customItemSlider string| headerSliderVantaggi string| bodySliderVantaggi string| footerSliderVantaggi string| headerOverlayVantaggi string| bodyOverlayVantaggi string| footerOverlayVantaggi number| stepOverlayVantaggi string| tempOverlayVantaggi function| TemplateVantaggiOverlay function| customBuildSliderBody function| customItemOverlayVantaggi function| customItemSliderVantaggi function| customItemOverlayManager string| liList_Privati string| panelList_Privati boolean| isFirst_Privati string| forYouPrivatiHeader string| forYouPrivatiFooter function| TemplateForYou_Privati function| customItemForYou_Privati function| getLi_Privati function| getPanel_Privati string| ElencoSubProdotti function| TemplatePrivatiMenu_ElencoProdotti function| customItem_ElencoProdotti string| headerNewsRoot string| bodyNewsRoot string| footerNewsRoot function| TemplateNews function| customItemRetail object| FB object| btCookiesAPI object| btCookies boolean| validazioneCookies object| _adftrack object| theForm function| __doPostBack function| WebForm_PostBackOptions function| WebForm_DoPostBackWithOptions object| __pendingCallbacks number| __synchronousCallBackIndex function| WebForm_DoCallback function| WebForm_CallbackComplete function| WebForm_ExecuteCallback function| WebForm_FillFirstAvailableSlot boolean| __nonMSDOMBrowser string| __theFormPostData object| __theFormPostCollection object| __callbackTextTypes function| WebForm_InitCallback function| WebForm_InitCallbackAddField function| WebForm_EncodeCallback object| __disabledControlArray function| WebForm_ReEnableControls function| WebForm_ReDisableControls function| WebForm_SimulateClick function| WebForm_FireDefaultButton function| WebForm_GetScrollX function| WebForm_GetScrollY function| WebForm_SaveScrollPositionSubmit function| WebForm_SaveScrollPositionOnSubmit function| WebForm_RestoreScrollPosition function| WebForm_TextBoxKeyHandler function| WebForm_TrimString function| WebForm_AppendToClassName function| WebForm_RemoveClassName function| WebForm_GetElementById function| WebForm_GetElementByTagName function| WebForm_GetElementsByTagName function| WebForm_GetElementDir function| WebForm_GetElementPosition function| WebForm_GetParentByTagName function| WebForm_SetElementHeight function| WebForm_SetElementWidth function| WebForm_SetElementX function| WebForm_SetElementY string| MSOWebPartPageFormName boolean| g_presenceEnabled boolean| g_wsaEnabled boolean| g_wsaQoSEnabled object| g_wsaQoSDataPoints number| g_wsaLCID number| g_wsaListTemplateId string| g_wsaSiteTemplateId boolean| _fV4UI object| _spPageContextInfo function| CallServer_50650042 function| _myLinksRibbonLoad2 function| _myLinksRibbonLoad1 string| L_Menu_BaseUrl string| L_Menu_LCID string| L_Menu_SiteTheme function| fnRemoveAllStatus object| _spWebPartComponents function| WebForm_OnSubmit function| _WebForm_InitCallback function| _WebForm_DoCallback function| submitHook string| deviceType object| criteo_q function| ManageNavHeaderCss string| url string| token function| printElemento function| EstraiStringa function| getDifferenzaData object| formDigestElement string| callBackFrameUrl number| _spFormDigestRefreshInterval function| _RegisterWebPartPageCUI function| __RegisterWebPartPageCUI string| __wpmExportWarning string| __wpmCloseProviderWarning string| __wpmDeleteWarning boolean| g_disableCheckoutInEditMode object| _spWebPermMasks string| offlineBtnText string| offlineBtnImg string| databaseBtnText string| databaseBtnDesc boolean| fDBInstalled object| ExpDatabase string| g_clientIdDeltaPlaceHolderMain string| g_clientIdDeltaPlaceHolderPageTitleInTitleArea string| g_clientIdDeltaPlaceHolderUtilityContent object| g_commandUIHandlers object| WPQ1ListData object| WPQ1SchemaData function| _initTRAWebPartWPQ1 undefined| serverFilterRootFolder undefined| currentRootFolder undefined| uri function| IsSharePointOpenDocuments object| EditDocumentButton object| WPQ2ListData object| WPQ2SchemaData function| _initTRAWebPartWPQ2 object| WPQ3ListData object| WPQ3SchemaData function| _initTRAWebPartWPQ3 object| WPQ4ListData object| WPQ4SchemaData function| _initTRAWebPartWPQ4 object| WPQ5ListData object| WPQ5SchemaData function| _initTRAWebPartWPQ5 object| WPQ6ListData object| WPQ6SchemaData function| _initTRAWebPartWPQ6 object| WPQ7ListData object| WPQ7SchemaData function| _initTRAWebPartWPQ7 object| WPQ8ListData object| WPQ8SchemaData function| _initTRAWebPartWPQ8 object| WPQ9ListData object| WPQ9SchemaData function| _initTRAWebPartWPQ9 object| WPQ10ListData object| WPQ10SchemaData function| _initTRAWebPartWPQ10 object| WPQ11ListData object| WPQ11SchemaData function| _initTRAWebPartWPQ11 object| WPQ12ListData object| WPQ12SchemaData function| _initTRAWebPartWPQ12 object| WPQ13ListData object| WPQ13SchemaData function| _initTRAWebPartWPQ13 object| WPQ14ListData object| WPQ14SchemaData function| _initTRAWebPartWPQ14 object| WPQ15ListData object| WPQ15SchemaData function| _initTRAWebPartWPQ15 object| WPQ16ListData object| WPQ16SchemaData function| _initTRAWebPartWPQ16 boolean| CoreJsApiPresent object| ctx2426 boolean| fNewDoc object| ctx2427 object| ctx2428 object| ctx2429 object| ctx2430 object| ctx2431 object| ctx2432 object| ctx2433 object| ctx2434 object| ctx2435 object| ctx2436 object| ctx2437 object| ctx2438 object| ctx2439 object| ctx2440 object| ctx2441 string| g_Workspace function| GooglemKTybQhCsO object| google_conversion_id object| google_conversion_format object| google_conversion_type object| google_conversion_order_id object| google_conversion_language object| google_conversion_value object| google_conversion_currency object| google_conversion_domain object| google_conversion_label object| google_conversion_color object| google_disable_viewthrough object| google_enable_display_cookie_match object| google_gtag_event_data object| google_remarketing_only object| google_conversion_linker object| google_tag_for_child_directed_treatment object| google_tag_for_under_age_of_consent object| google_allow_ad_personalization_signals object| google_restricted_data_processing object| google_conversion_items object| google_conversion_merchant_id object| google_user_id object| google_custom_params object| google_conversion_date object| google_conversion_time object| google_conversion_js_version object| onload_callback object| opt_image_generator object| google_gtm_url_processor object| google_conversion_page_url object| google_conversion_referrer_url object| google_gtm object| google_gcl_cookie_prefix object| google_gcl_cookie_path object| google_gcl_cookie_flags object| google_gcl_cookie_domain object| google_gcl_cookie_max_age_seconds object| google_read_gcl_cookie_opt_out object| google_basket_feed_country object| google_basket_feed_language object| google_basket_discount object| google_basket_transaction_type object| google_additional_conversion_params object| google_additional_params object| google_transport_url object| google_gtm_experiments function| fbq function| _fbq string| axel number| a object| currentLevel function| onYouTubeIframeAPIReady object| Adform object| KJUR object| adf function| $_global_dragdrop function| ULSAZP object| DragDropMode object| DragDropType object| DragDropLoggingLevel string| g_spDragImageClass undefined| g_dropSurface undefined| g_dropSurfaceBase string| g_dropSurfaceId string| g_dropSurfaceClass string| g_dropSurfaceClass_IE string| g_DragIDAttrName string| g_DropIDAttrName object| SPDragDropManager function| SPDragDropBase function| SPDraggable function| SPDroppable function| SPDragEvent function| SPPosition object| SPProgressMeter function| GetDragDropMode function| addListener function| removeListener function| GetTarget function| hasClass function| addClass function| removeClass function| sortNumber function| ShowElement function| HideElement object| g_dragdroplog function| logeventinfo function| loginfo function| displayDateTime function| ShowErrorDialogCore function| FullRefresh string| g_fileErrorDetailHTML function| RenderFileErrorDlgHtml function| createProgressElement function| createCloneElement string| docIconClass string| titleClass undefined| g_context string| g_dndDocItemFolderKey string| g_dndDocItemQLLib string| g_dndListItemQL function| SetDocItemDragDrop function| SetDocItemDragOption function| SetFolderItemDropOption string| g_docItemDragImageID string| g_docItemDragImageInnerHTML function| createDocItemDragImage function| SPDocItemDragData string| g_docItemDataKey boolean| g_outWindowBefore function| docItemDragStartHandler function| docItemDragStartForDragOut function| isDownloadWithUrlEnabled boolean| g_dragDownloadStarted function| detectWindowLeave function| docFolderDragEnterHandler function| docFolderDragOverHandler function| docFolderDropHandler function| GetDocIcon function| doMoveItems function| IIDObject function| GetParentIID function| GetListItemByID function| GetWPQTable function| GetIIDObject function| CheckFileExists function| ResolveConflictCommon function| InitMenuItemAsDroppable function| SetMenuItemDropOption function| docMenuItemDragEnterHandler function| docMenuItemDragOverHandler function| docMenuItemDropHandler function| UpdateMenuVisual function| GetMenuStatusIcon object| UploadType object| ControlStatus object| FileStatus object| ProgressMessage object| UploadStatus object| CancelConfirmationStatus number| C_MEGABYTES number| C_MAX_FILESIZE number| C_MAX_TOTALFILESIZE number| C_MAX_REQUESTSIZE number| C_MAX_FILECOUNT number| C_MIN_REFRESH_INTERVAL number| g_uploadType boolean| g_inplaceDisplay object| g_uploadCtl object| g_currentControl undefined| g_currentCtx function| registerDragUpload function| DragUploadControl function| DUCInitialize function| DUCBindDragDrop function| FileElement string| c_dropBoxDivID string| c_dropBoxTextID string| c_activeXObjectID string| c_activeXCLSID function| dropElementDragEnter function| DropBoxDragEnter function| DropBoxDragOver function| SkipDragLeave function| DropBoxDragLeave function| HideDropBox function| DropBoxDrop function| UserHasPermission function| PrepareFileList function| StartTask function| UploadState function| UploadCommandFunc function| UploadFinishFunc function| RefreshResult function| StartInlineDisplay function| RefreshInline function| CheckFilesCheckedOut function| trimRootFolder function| RenderDetailError function| GetSchemaFieldsXml function| RefreshListRows function| RefreshRowInError function| ShowFolderErrorDetails function| ShowAllErrorDetailsInDialog function| FindListRowByName function| GetListTBody function| UploadCancelFunc function| UploadProgressFunc function| StartTaskAX function| UploadAXCommandFunc function| GetFilesFromJSON function| DoValidate function| UpdateValidationResultAX function| StartUpload function| StartUploadWithXHR string| c_uploadUrl function| SendHttpRequest string| c_progInfoID string| c_progInfoClass string| c_progInfoClassInline string| c_progInfoTableID string| c_progInfoTableClass string| c_progMessageClass string| c_progIconID string| c_progTextID string| c_progCancelBtnID string| c_progRefreshBtnID string| C_detailRowId string| C_progImgClass string| c_progMeterTdID string| c_progMeterID string| c_progInfoCloseID string| c_progTableHTML string| c_progTableHTMLInline string| c_failedLinkABegin string| c_failedLinkAllErrorsABegin function| UpdateProgressBar function| CloseProgressBar function| cancelTask function| getUploadType function| checkInlineDisplay function| checkInlineDisplayError function| ShowErrorDialog function| DismissDlg function| ResolveConflict string| c_doRestDiv string| c_conflictButtons function| ShowConflictDialog function| DismissConflictDlg string| C_DETAILDIVID string| C_ERRTABLE string| C_ERRITEM string| C_ERRITEMNAME string| C_ERRITEMMSG function| PopulateErrorDetails function| ShowHideErrorDetails function| fValidDrag function| getCtx function| unescapeProperlyWp function| PostRefreshFixUp string| pluginID function| startDragDownload string| downloadAXID function| CreateDragDownloadPlugin function| resetDragDownload function| ShowErrorInvalidFile function| $_global_mquery function| m$ function| MQueryResultSet function| MQueryEvent function| $_global_core object| SPAnimation function| SPCurve function| SPKeyFrame function| Animation function| UpdateAnimationStateFromQuery function| AnimationEngine function| SPAnimation_State function| SPAnimation_Object function| AnimationUnit function| AnimationTelemetry function| GetCurrentAttributeValue function| TrySetProperty function| B1 function| B2 function| B3 function| B4 function| BezierFunction function| GetAnimationWSA object| SPAnimationUtility function| SPAnimUtil_TableAnimator function| SiteLogoImagePageUpdate function| SearchAreaPageUpdate boolean| IsMenuShown object| ChevronContainer object| itemTableDeferred object| imageCell boolean| onKeyPress object| downArrowText object| currentEditMenu object| currentItemID object| currentItemAppName object| currentItemProgId object| currentItemIcon object| currentItemOpenControl object| currentItemOpenApp object| currentItemFileUrl object| currentItemFSObjType object| currentItemContentTypeId object| currentItemCheckedOutUserId object| currentItemCheckoutExpires object| currentItemModerationStatus object| currentItemUIString object| currentItemCheckedoutToLocal number| bIsCheckout object| currentItemCanModify object| currentItemPermMaskH object| currentItemPermMaskL number| currentItemEvtType object| currentItemIsEventsExcp object| currentItemIsEventsDeletedExcp number| g_MaximumSelectedItemsAllowed object| g_CustomActionDialogHandlers number| g_CustomActionDialogHandlerId object| g_ExpGroupWPState object| DocOpen object| hoverTR object| ecbTD function| RowOnHover function| RowHoverOff function| IsEventTargetAnchor function| IsEventRightClickOnAnchor function| ShowMenuForTrOuter function| ShowCalloutMenuForTr function| ShowCalloutMenuForTrInner function| FIsMouseCursorInsideElement function| ShowECBMenuForTr object| ProtocolCommand object| phManager function| CBSelectedValues function| CBSelectedValues_InitializePrototype function| PageContextInfo function| PageContextInfo_InitializePrototype undefined| _groupCollapse undefined| bGridViewPresent undefined| _fV4Calendar undefined| _spCustomNavigateHierarchy object| g_ExtensionNotSupportCheckoutToLocal object| g_ExtensionDefaultForRead boolean| bValidSearchTerm undefined| ListCtrlObj boolean| fListControl boolean| fListErrorShown boolean| fNewDoc2 boolean| fNewDoc3 string| SPDesignerDownloadUrl string| SPDesignerProgID function| CtxRgiid function| CtxRgiid_InitializePrototype function| FilterNoteField function| _SelectField function| getSortQueryParam function| _FilterField function| CompleteDecode function| FilterFieldV3 function| restructureFilterUrl function| CanonicalizeUrlEncodingCase function| _SetControlValue function| SetSearchView function| GroupCollapse function| HandleFilter function| _SubmitFormPost function| DemoteIntoFormBody function| RemoveUrlKeyValue function| _RefreshPageTo number| g_varSkipRefreshOnFocus function| RefreshOnFocus function| RefreshOnFocusForOneRow function| DisableRefreshOnFocus function| SetWindowRefreshOnFocus function| RemoveParametersFromUrl function| _GoToPageRelative function| _EnterFolder function| _HandleFolder function| UseDialogsForNewItem object| g_useDialogAlwaysList function| UseDialogsForFormsPages function| GetCtxFromFormUrl function| UseDialogsForFormsWithCtx function| _EditItemWithCheckoutAlert function| _STSNavigateWithCheckoutAlert function| ShowInPopUI function| CheckoutAlertBeforeNavigate function| CheckoutviaXmlhttp function| FSupportCheckoutToLocal function| FDefaultOpenForReadOnly function| CheckoutDocument function| NewOrEditV4Core function| _NewItem2 function| _NewItem function| _EditItem2 function| _EditItem function| _CorrectUrlForRefreshPageSubmitForm function| _RefreshPage function| AJAXRefreshView function| AJAXRefreshViewOnDialogClose function| RefreshOnDialogClose function| OpenPopUpPageWithDialogOptions function| OpenPopUpPageWithTitle function| SetupAndOpenDialogForCustomAction function| CustomActionDialogCloseCallback function| RemoveCustomActionDialogPostMessageHandler function| _OpenPopUpPage function| _RemoveQueryStringsAndHash function| _OpenCreateWebPageDialog function| _EditLink2 function| EditLink function| _GoBack function| _ReplyItem function| GoBacktoCurrentIssue function| _ExportToDatabase function| _ExportList function| ExportDiagram function| OpenTasks function| CatchListCreateError function| RegisterTouchOverride function| EnsureListControl function| IsVoteOK function| hasHighChar function| _ClearSearchTerm function| _SubmitSearchRedirect function| ShowGridUrlInHTML function| SearchOnBodyLoad function| SearchOnBlur function| SearchOnFocus function| SubmitSearch function| _SubmitSearchForView function| IsKeyDownSubmit function| SearchViewKeyDown function| SearchKeyDown function| SearchKeyDownGoSearch function| _AlertAndSetFocus function| _AlertAndSetFocusForDropdown function| setElementValue function| GetMultipleSelectedText function| GetCBSelectedValues function| editDocumentWithProgID function| GetSPDDownLoadUrl function| PHSucceed function| _EditInSPD function| editDocumentWithProgID2 function| editDocumentWithProgIDNoUI function| RefreshOnNextFocus function| createNewDocumentWithProgID2Ex function| createNewDocumentWithProgID2 function| createNewDocumentWithProgIDEx function| createNewDocumentWithProgID function| createNewDocumentWithProgIDCore function| createNewDocumentWithRedirect2 function| createNewDocumentWithRedirect function| createNewInClient function| createNewInBrowser function| OnCloseDialogNavigate function| LRUCache function| LRUCache_InitializePrototype function| LRUCache_Add function| LRUCache_Remove function| _AddGroupToCookie function| _RemoveGroupFromCookie function| ExpGroupRenderCookie function| ExpGroupRenderCookieForWebPart function| ExpDataViewGroupOnPageLoad function| ExpGroupOnPageLoad function| ExpGroupParseCookie function| ExpGroupParseCookieForWebPart function| _ExpGroupBy function| SzExtension function| SzServer object| v_stsOpenDoc object| v_strStsOpenDoc function| NavigateParentOrSelf function| StsOpenEnsureEx function| _DispDocItem function| _DispDocItemExWithServerRedirect function| _DispDocItemEx function| DispDocItemExWithEvent function| CancelMyEvent function| DispDocItemEx2 function| DispDocItemExWithOutContext function| AddSourceToUrl function| IsInfoPathProgId function| AddInfoPathParametersToUrl function| _VerifyFolderHref function| _VerifyHref function| GetRedirectedHref function| _DispEx function| IsClientAppInstalled function| ViewDoc function| _PortalPinToMyPage3 function| _PortalPinToMyPage function| SetFieldValue function| _MoveToViewDate function| MoveToViewDatePostBack function| AjaxCalendarCall function| _MoveToDate function| MoveToToday function| MoveView function| _ClickDay function| GetIframe function| _GetMonthView function| NewItemDT function| ClickTime function| NewItemDay function| ScrollToAnchorInInnerScrollPane function| FilterChoice function| _OptLoseFocus function| SetCtrlMatch function| _SetCtrlFromOpt function| HandleOptDblClick function| HandleOptKeyDown function| CommitInlineEditChange function| InlineEditNextTR function| HandleInlineEditKeyDown function| EnsureSelectElement function| HandleKey function| ShowDropdown function| HandleChar function| HandleLoseFocus function| HandleChange function| IsSafeHref function| Discuss string| g_AdditionalNavigateHierarchyQString function| GetAdditionalNavigateHierarchyQString function| SetAdditionalNavigateHierarchyQString function| ProcessDefaultNavigateHierarchy function| ParseMultiColumnValue function| ConvertMultiColumnValueToString object| httpFolderTarget object| httpFolderSource object| httpFolderDiv function| NavigateHttpFolderCore function| NavigateHttpFolder function| NavigateHttpFolderIfSupported function| AutoIndexForRelationshipsConfirmation function| SetHomePage2 function| SetHomePage function| SendEmail function| TryCopyStringToClipboard function| CopyStringToClipboard function| CopyPageAddressToClipboard function| showViewSelector function| EnsureValidPositioningElement function| EnsureCheckoutAndChangeLayoutModeToEdit function| _ChangeLayoutMode function| OpenWebPartMenuFromLink function| OpenWebPartMenu function| UpdateWebPartMenuFocus function| _WebPartMenuKeyboardClick function| _ShowToolPane2Wrapper function| ChangeWebPartPageView function| _SetupFixedWidthWebParts function| EnsureSelectionHandlerOnFocusDeferred function| EnsureSelectionHandlerDeferred function| AddKeyDownEventHandler function| ItemIsSelectable function| ItemIsCurrentlyVisible function| ItemIsCurrentlySelected function| ItemHasiid function| OnListViewKeyDown function| OpenCallOutOrECB function| ListItem_Open function| OpenDocItem function| OpenListItem function| GetListItemDataFromTr function| GetListItemDataFromTrInternal function| GetListContextFromTr function| GetListContextFromContextNumber function| ListItemDataFromId function| SelectNextRow function| GetLastSelectedRow function| GetIndexFromIID function| GetLastSelectedRowIndex function| GetTrFromIID function| SelectRowByIID function| SelectRowByIndex function| EnsureKeyBoardHandlersRegistered function| MakeDefaultSelectionForListView function| GetNextRow function| HandleItemDelete function| GetItemRow2 function| GetItemRow function| TooltipOfRow function| AlertCheckOut function| UpdateAutoModeImage function| AddAutoModeTag function| GetItemRowCbx function| GetEcbTdFromRow function| GetEcbDivFromEcbTd function| GetEcbAffordanceDivFromRow function| UpdateAutoMode function| ClickToEdit function| HideItemCbx function| DisplayItemCbx function| Log function| _ToggleAllItems function| ToggleAllItems2 function| SelectAllItems function| DeselectAllItems function| DeselectCollapsedGroup function| HandleSingleGroupByRow function| RefreshCommandUI function| _CommandUIExecuteCommand function| OnItemSelectionChanged function| IdFromRow function| CtxFromRow function| GroupNameFromRow function| GroupStringFromGroupName object| previousClickedItemRow function| IsCallOutOn function| SingleItemSelectByElement function| MultiItemSelect function| OpenCalloutAndSelectItem function| SingleItemSelect function| SingleItemSelectInternal function| Point function| GetCellCoordinates function| ElementContainsLink function| clearECBMenu function| tdHasEcbMenu function| ToggleItemRowSelection function| ToggleItemRowSelection2 function| UpdateSelectAllCbx function| SelectListItem function| FocusRow function| SetFocusOnRowDelayed function| CountTotalItems function| CountSelectedItems function| GetCtxRgiidFromIid function| GetWebPartDiv function| GetCurrentCtx function| GetLastSelectableRowIdx function| UpdateCtxLastSelectableRow function| DeselectAllWPItems function| callOpenBreadcrumbMenu function| HasCssClass function| AddSpaceToEmptyTDs function| AddBorderToLastCell function| AddCssClassToElement function| RemoveCssClassFromElement function| AddGallery_TypeOf function| IsLanguageSupportedInSilverlight function| IsSilverlightInstalled function| IsAddGalleryProviderEnabled function| SilverlightBasedCreateHandler function| LaunchCreateHandler object| isdlg function| QstringStruct function| QstringStructToString function| QstringStructToArray function| Diff function| ReconcileQstringFilters function| PageActionClick function| ShowWebPartAdder function| GenerateXMLArray function| GetAncestor function| GetAncestorByTagNames function| StURLNormalize function| QuickLaunchInitDroppable object| g_listItemCache function| GetListItemByIID function| FixRibbonAndPageLayout undefined| g_fRibbonAnimationEnabled boolean| g_fSkipAnimation boolean| g_fSkipNextTabExpandAnimation function| PrepareRibbonForAnimation function| AnimateRibbonMinimizedChanged function| UpdateAnimationUserControl function| ToggleAnimationStatus function| setupPageDescriptionCallout function| SendAjaxFormPostWithFormDigest function| numToPx number| g_InViewPort number| g_OutOfViewPortCloserToTop number| g_OutOfViewPortCloserToBottom function| ElementInViewportVertical function| GetSuiteHelpLink function| SuiteLinksEmptyOrSuiteHelpLinkIsCached function| GetCurrentUserKey function| GetCurrentUICultureOrNone function| GetSuiteLinks function| CtxFromElement object| g_NotificationEngine number| g_notiExpireTimerId object| g_standardNotiCt object| g_statusNotiCt object| SPNotifications number| g_SPNotificationEventID_Count function| addNotification function| removeNotification function| NotificationEngine function| SPNotification function| SPNotificationContainer function| SPStatusNotificationData function| addSharingNotification number| cGCMinimumWidth number| cGCMinimumHeight number| cGCMaxGCResizeCount number| glGCObjectHeight number| glGCObjectWidth number| glGCResizeCounter function| GCComputeSizing function| GCResizeGridControl function| GCWindowResize function| GCOnResizeGridControl function| _GCActivateAndFocus function| _GCNavigateToNonGridPage function| GCAddNewColumn function| GCEditDeleteColumn object| objGCGlobal function| GCShowTaskPane function| GCShowHideTaskPane function| GCShowHideTotalsRow function| GCGridNewRow function| GCRefresh function| GCNewFolder function| PositionInfo function| PositionInfo_InitializePrototype function| CUIInfo function| resetExecutionState function| resetItemGlobals object| ecbManager function| IsMenuEnabled function| GetSelectedElement function| setupMenuContext function| setupMenuContextName function| FindSTSMenuTable function| OnLinkDeferCall function| StartDeferItem function| IsAjaxMenu function| DeferredOnItem function| EndDeferItem function| GetLastChildElement function| CreateHiddenCtxMenu function| CreateCtxImg function| CreateCtxImg_Helper function| FindCtxImg function| RemoveCtxImg function| ShowCtxImg function| GetPosition function| GetElemHeight function| PositionCtxImg function| getCurrentEltStyleByNames function| getWidthFromPxString function| IsInCtxImg function| OnItemDeferCall function| OutItem function| IsContained function| IsMenuOn function| _ListHeaderMenu_OnMouseDown function| _PopMenuFromChevron function| PopMenu function| CreateMenuEx function| BuildMenuWithInit function| BuildMenu function| GetParentLinkFromEvent function| isInvalidAjaxMenuElement function| CreateAjaxMenu string| ecbItems function| FetchEcbInfo function| CallBackWithRowData function| CreateMenu function| AddSendSubMenu function| AddDocTransformSubMenu function| AddMeetingMenuItems function| AddListMenuItems function| ReplaceUrlTokens number| SYSTEM_ACCOUNT_ID function| UseCustomAction function| InsertFeatureMenuItems function| GetRootFolder2 function| GetRootFolder function| HasRights function| EqualRights function| CheckIfHasRights function| IsTrimmedBySystem function| GetPermMaskH function| GetPermMaskL function| SetCurrentPermMaskFromString function| AddSharedNamespaceMenuItems function| AddSolutionsCatalogMenuItems function| AddSolutionMenuHelper function| AddSolutionMenuActivate function| AddSolutionMenuDeactivate function| AddSolutionMenuUpgrade function| AddSolutionMenuDelete function| RunSolutionOperation function| AddDocLibMenuItems function| AddManagePermsMenuItem function| AddGotoSourceItemMenuItem function| CheckoutSingleItemFromECB function| AddCheckinCheckoutMenuItem function| AddWorkflowsMenuItem function| AddWorkspaceMenuItem function| AddVersionsMenuItem function| AddWorkOfflineMenuItem function| AddVersionMenuItems function| NavigateToApproveRejectAspx function| PublishMajorVersion function| _NavigateToSubNewAspx function| NavigateToSubNewAspxV4 function| NavigateToVersionsAspx function| NavigateToVersionsAspxV4 function| NavigateToSendToOtherLocationV4 function| UnDoCheckOutwithNotification function| UnDoCheckOut function| UnPublish function| NavigateToCheckinAspx function| _NavigateToManagePermsPage function| NavigateToManagePermsPageEx function| NavigateToSourceItem function| setDocType function| DeleteListItem function| DeleteDocLibItem function| EditMenuDefaultForOnclick function| EditListItem function| _DoNavigateToTemplateGallery function| Portal_Tasks function| IsContextSet function| ChangeContentType function| _TopHelpButtonClick function| GetSPHelpUrl function| ShowHelpWindow function| HelpWindowHelper function| _HelpWindowKey function| _HelpWindowUrl function| _HelpWindow function| _ToggleFullScreenMode function| SetFullScreenMode function| FullScreenModeOnKeyDown function| InitFullScreenMode function| EditSelectedImages function| DeleteImages function| SendImages function| DownloadImages function| MtgToggleTimeZone function| GetPageUrl function| MtgNavigate function| GoToMtgMove function| MtgKeep function| MtgDelete function| SetMtgCookie function| SetAsLastTabVisited function| MtgRedirect function| MakeMtgInstanceUrl object| filterTable boolean| bIsFilterMenuShown boolean| bIsFilterDataLoaded object| filterImageCell object| currentFilterMenu object| loadingFilterMenu object| ctxFilter boolean| bIsFilterKeyPress object| filterStr string| strFieldName boolean| bMenuLoadInProgress object| strFilteredValue boolean| bIsMultiFilter object| fnOnFilterMouseOut function| resetFilterMenuState function| setupFilterMenuContext function| IsFilterMenuOn function| IsFilterMenuEnabled function| OnMouseOverFilterDeferCall function| OnMouseOutFilter function| _OnFocusFilter function| PopFilterMenu function| CreateFilterMenu function| GetUrlWithNoSortParameters function| IsFieldNotSortable function| addSortMenuItems function| CAMOptFilter function| ShowFilterLoadingMenu function| IsFieldNotFilterable function| addFilteringDisabledMenuItem function| addFilterMenuItems function| getFilterValueFromUrl function| _OnIframeLoad function| addFilterOptionMenuItem function| OnMouseOverAdHocFilterDeferCall function| addAdHocFilterMenuItems function| UpdateFilterCallback function| FilterOMenu function| _OnClickFilter function| ToggleSelectionAllUsers function| _UserSelectionOnClick function| initPageRequestManagerForDFWP function| hideMRBForRequest function| hideMRB function| hideElement undefined| g_errMsg undefined| L_SSCDlgInvalidCharacter_TEXT undefined| g_btnCreateId undefined| g_txtTitleId undefined| g_CusValTxtTitle function| format function| SSC_ValidateRequiredFields function| SSC_MakeErrorStatusWithMessage function| SSC_MakeErrorStatus function| RibbonBlock undefined| _ribbon function| _ribbonClear function| _ribbonInitFunc1Wrapped function| _ribbonStartInitWrapped undefined| _spRibbonInstantiateByRibbonControl function| RibbonControlInitWrapped function| _registerCUIEComponentWrapped function| _ribbonKeyboardTitleShortcutWrapped function| _ribbonOnWindowResizeForHeaderScalingWrapped function| _ribbonInitResizeHandlers function| _ribbonAddEventListener function| FNEmpWz function| AChld function| AImg function| CMenu function| CMItm function| CMOpt function| CAMOpt function| CIMOpt function| CMSep function| CAMSep function| CSubM function| CASubM function| FRdy function| OMenu function| OMenuInt function| OMenuEvnt function| kfnDisableEvent object| g_menuHtc_lastMenu number| g_uniqueNumber boolean| g_MenuEndOfDOM function| RenderECBBackwardCompatibilityMode function| IsAccessibilityFeatureEnabledProxy function| MenuHtc_show function| MenuHtc_hide function| MenuHtc_isOpen function| MenuHtc_item function| TrapMenuClick function| SetBodyEventHandlers function| HandleDocumentBodyClick function| GetEventPopup function| GetUniqueNumber function| MenuHtc_init function| PrepContents function| FixUpMenuStructure function| IsElementRtl function| getElementOverFlowStyle function| AdjustScrollPosition function| ElementPosition_InitializePrototype function| ElementPosition function| MenuHtc_GetElementPosition function| MenuTag function| MenuTag_InitializePrototype function| CreateMenuTag function| TransferEventToMenu function| MenuHtcInternal_Show function| GetWindowPosition function| SetMenuPosition function| SetBackFrameSize function| HideMenu function| IsOpen function| FindLabel function| ShowRoot function| ShowSubMenu function| ShowSubMenuEvnt function| SetShowSubMenuEvnt function| ClearTimeOut function| ClearShowSubMenuEvnt function| GetEventSrcItem function| UpdateLevel function| PopupMouseOver function| PopupMouseLeave function| PopupMouseOverParent function| PopupMouseLeaveParent function| ClearTimeOutToHideMenu function| SetTimeOutToHideMenu function| PopupMouseClick function| PopupKeyDown function| SetNewId function| AssureId function| NavigateToMenu function| ExecuteOnClick function| EngageSelection function| RefreshClearAndFilterMenu function| RefreshOpenedSortMenu function| CloseCurrentLevel function| UnselectCurrentOption function| MakeID3 function| GetItem function| MoveMenuSelection function| ToggleMenuItem function| SelectItemStatic function| SelectItem function| UnselectItem function| SetImageSize function| CreateMenuOption function| CreateMenuSeparator function| CreateSubmenu function| MergeAttributes function| CreateMenuItem function| GetItems function| GetIType function| FIsIType function| SetIType function| FIStringEquals function| RenderAccessibleMenu function| CloseAccessibleMenu function| GetMenuItemText function| GetMenuItemEnabled undefined| g_menuHtc_html function| RenderMenuLevel function| ExecuteOnAccessibleClick function| FIsIHidden function| EvalAttributeValue function| Menu_AddCssClassToElement string| MMU_chDelim string| MMU_chDelimEnc string| MMU_postbackPrefix string| MMU_chDelim2 string| MMU_chDelim2Enc function| MHash_InitializePrototype function| MHash function| MHash_Add function| MHash_Count function| MHash_Keys function| MHash_Values function| MHash_Exists function| MHash_Item function| ParseContext_InitializePrototype function| ParseContext object| MMU_reDelimEnc object| MMU_reDelim2Enc object| MMU_reDelimDec object| MMU_reDelim2Dec function| MMU_EncVal function| MMU_DecVal function| MMU_ParseNV function| MMU_ParseNVAttr function| MMU_ResetMenuState function| MMU_ReplTokValAttr function| MMU_ReplTokValVal function| MMU_ReplTokVal object| g_MMU_HighlightedEcbTable object| g_MMU_HighlightedEcbTableOpen object| g_MMU_OpenTimeoutHandle function| MMU_Open function| SetEcbMouseOutAndDestroy function| ClearHighlightedEcbTableOpen function| MMU_EcbLinkOnFocusBlurDeferCall function| MMU_EcbTableMouseOverOutDeferCall function| MMU_EcbHighlight function| MMU_PopMenuIfShowingDeferCall function| MMU_HandleArrowSplitButtonKeyDown function| MMU_HandleArrowOnHoverKeyDown function| MMU_GetHighlightElement object| g_MMU_theFormActionAtPageLoad object| g_MMU_Form0ActionAtPageLoad object| g_MMU_Form0ActionAtPreMenuOpen function| MMU_CallbackPreMenuOpen object| g_MMU_RequestTimeoutTimeoutHandle function| MMU_RemoveCallbackItemsFromMenuTemplate function| MMU_StopPendingTimerEventsFromCallback undefined| loadingMessageMenuItem function| MMU_UpdateMenuTemplateWithErrorItem function| MMU_UpdateOpenedMenuWithErrorItem function| MMU_CallbackHandler function| MMU_CallbackErrHandler function| combineDocuments function| repairLinks function| repairAllLinks function| NavigateToManageCopiesPage function| AddVersionMenuItemsCore function| ViewVersion function| RestoreVersion function| TakeOfflineVersion function| DeleteVersion function| DeleteAllVersions function| DeleteAllMinorVersions function| GetServerRelativeUrlFromURL function| GetTargetHandler undefined| _spFullDownloadList function| IsFailoverTarget function| GetQuery function| IsFailoverQuery function| SPUpdatePage function| _AddSilverlightWebPart function| _AddSilverlightWebPartPopupUI_InitializePrototype function| _AddSilverlightWebPartPopupUI function| _AddSilverlightWebPartPopupUI_show function| _AddSilverlightWebPartPopupUI_dialogCallback function| _ConfigSilverlightWebpart function| _ConfigSilverlightWebpartPopupUI_InitializePrototype function| _ConfigSilverlightWebpartPopupUI function| _ConfigSilverlightWebpartPopupUI_show function| _ConfigSilverlightWebpartPopupUI_dialogCallback function| LaunchApp object| _launchNotificationId function| LaunchAppInternal object| _tenantAppData function| GetTenantAppData function| $_global_sharing function| ULSoNk function| GetSharingStatusHtml function| ApplySharingListStyles function| DisplaySharingDialog function| NavigateToRootLibraryWithoutQueryString function| DisplaySharedWithDialog undefined| SetSelectedPermission function| ManageLinkParams function| DisplayManageLinkDialog function| OnDisableLink function| DismissTopDlg function| SelectOnFocus function| $_global_callout function| ULSIU5 function| Callout object| calloutManager object| CalloutManager function| CalloutOpenOptions function| CalloutOptions function| CalloutAction function| CalloutActionOptions function| CalloutActionMenu function| CalloutActionMenuEntry function| onCalloutActionMenuEntryClick function| ULSVCK function| ListContext function| sp_init_initialize function| ULSaKF function| sp_ui_dialog_initialize function| ULSnd3 function| IEnumerator function| IEnumerable function| IDisposable function| sp_runtime_initialize function| ULSdih function| sp_initialize function| $_global_inplview object| g_SPGridInitInfo function| SPGridInitInfo function| SPGridToggleAllItems function| SPGridMakeInplviewRequest function| SPGridFetchData function| SPGridFetchSchema function| GetCtxFromView function| RenderSPGridBody function| PostRenderAfterJSGridRender function| PostRenderSPGrid function| TryRefreshGrid function| ExitGrid function| InitGridFromView function| InitGrid function| TranslateCSRtoJsGrid function| TranslateCSRtoJsGridFieldName function| TranslatedCSRtoJsGridFieldData function| TranslateCSRtoJsGridField function| CreateColumn function| GetSPGanttFromCtx undefined| AllViews function| ShowSaveAsNewViewDialog function| DismissSaveAsNewViewDialog function| GetExistingView function| ValidateNewOrUpdatedView function| SaveThisView function| SelectedItem function| SwapNode function| CountDictionary function| EncodeQueryStringAsHash function| DecodeHashAsQueryString function| CLVP_InitializePrototype function| CLVP function| CLVPInit function| CLVPFindTab function| CLVPFindWebPartDiv function| CLVPRestoreNavigation function| CLVPGetQueryStringFromHash function| CLVPSyncPagingTables function| CLVPRehookPaging function| CLVPFilterString function| CLVPPagingString function| CLVPRefreshPaging function| RefreshPageToEx function| CLVPRefreshPagingEx function| CLVPResetSelection function| CLVPWebPartId function| FixAggregate function| FixSortOrderIcon function| FixSortOrderIcon_NonCSR function| CLVPCancelAnyOutstandingRequest function| EnableListAnimation function| ReRenderListView function| CLVPRefreshCore object| SPListOperationType function| AnimateListDelta function| FetchTableBodies function| IsVisible function| FixupTable function| CLVPRefreshCurrent function| CLVPGetQueryString function| CLVPRefreshEcbInfo function| CLVPCacheEcbInfo function| CLVPEnsureEcbInfo function| CLVPInvalidateEcbInfo function| CLVPGetEcbInfo function| CLVPEnsureChangeContext function| CLVPDeleteItemCore function| CLVPCheckoutItem function| CLVPDiscardCheckoutItem function| CLVPCheckinItem function| CLVPManageCopies function| CLVPShowErrorDialog function| CLVPRefreshInplViewUrl function| CLVPInplViewUrl function| CLVPInplViewUrlTrim function| CLVPInplViewUrlHash function| CLVPShowPopup function| CLVPIsInGroupCache function| CLVPCacheGroupName function| CLVPDeleteGroupNameCache function| CLVPEnqueueEcbInfoRequest function| CLVPNoOutstandingECBRequests function| SetFocusBack function| ExpColGroupScripts function| InitCLVPs function| CLVPFromCtx function| CLVPFromEventReal function| SetUrlKeyValue function| FixUrlFromClvp function| FixUrlFromClvp2 function| STSNavigateToViewReal function| STSNavigate2Real function| GetSource2 function| FindClvp function| getFilterQueryParam function| OnClickFilterV4 function| HandleFilterReal function| RefreshInplViewUrlByContext function| RefreshInplViewUrl function| RefreshInplViewUrlInternal function| CancelRefreshViewByContext function| CancelRefreshView function| CancelRefreshViewInternal function| HandleRefreshViewByContext function| HandleRefreshView function| HandleRefreshViewInternal function| InitAllClvps function| FixDroppedOrPastedClvps function| FocusInfo_InitializePrototype function| FocusInfo object| focusAcc function| GetFocusInfo function| ExpGroup function| DeleteSelectedItemsCore function| DeleteSelectedItems function| ContainsRecurrenceItem function| CheckOutSingleItem function| FixupCtx function| CheckInSingleItemFromECB function| CheckInSingleItem function| CheckInNotifyAndRefreshPage function| AttachFile function| ManageCopies function| CheckoutSelectedItems function| DiscardCheckoutSelectedItems function| CheckinSelectedItems function| CLVPModerateItem function| ModerateSelectedItems function| DismissErrDlg function| CanNavigateUp function| NavigateUp function| EnumCLVPs function| RestoreClvpNavigation function| RestoreAllClvpsNavigation object| inplview function| CompareUrls function| MergeListData function| CanSupportRoamingApps

55 Cookies

Domain/Path Name / Value
www.cartabcc.it/Pagine Name: databaseBtnText
Value: 0
www.cartabcc.it/Pagine Name: databaseBtnDesc
Value: 0
i.liadm.com/s Name: _li_ss
Value: MgkI_____wcQ_xA
www.cartabcc.it/ Name: TBMCookie_9865384463882519378
Value: 8867800016382775244V4dKznJ5qAjfAsG7tccLZpZ2DI=
www.cartabcc.it/ Name: ___utmvm
Value: ###########
.cartabcc.it/ Name: _ga_FE9QMZSP59
Value: GS1.1.1638277539.1.0.1638277539.60
.cartabcc.it/ Name: _ga
Value: GA1.1.2112752214.1638277540
www.cartabcc.it/ Name: ___utmvc
Value: navigator%3Dtrue,navigator.vendor%3DGoogle%20Inc.,navigator.appName%3DNetscape,navigator.plugins.length%3D%3D0%3Dfalse,navigator.platform%3DLinux%20x86_64,navigator.webdriver%3Dfalse,plugin_ext%3Dno%20extention,ActiveXObject%3Dfalse,webkitURL%3Dtrue,_phantom%3Dfalse,callPhantom%3Dfalse,chrome%3Dtrue,yandex%3Dfalse,opera%3Dfalse,opr%3Dfalse,safari%3Dfalse,awesomium%3Dfalse,puffinDevice%3Dfalse,__nightmare%3Dfalse,domAutomation%3Dfalse,domAutomationController%3Dfalse,_Selenium_IDE_Recorder%3Dfalse,document.__webdriver_script_fn%3Dfalse,document.%24cdc_asdjflasutopfhvcZLmcfl_%3Dfalse,process.version%3Dfalse,navigator.cpuClass%3Dfalse,navigator.oscpu%3Dfalse,navigator.connection%3Dtrue,navigator.language%3D%3D'C'%3Dfalse,window.outerWidth%3D%3D0%3Dfalse,window.outerHeight%3D%3D0%3Dfalse,window.WebGLRenderingContext%3Dtrue,document.documentMode%3Dundefined,eval.toString().length%3D33,digest=
www.cartabcc.it/ Name: stsSyncAppName
Value: Client
www.cartabcc.it/ Name: stsSyncIconPath
Value:
.adform.net/ Name: C
Value: 1
.criteo.com/ Name: uid
Value: b74c7f02-5b8b-43c4-99c1-2e87e75488d5
.adform.net/ Name: uid
Value: 283098040824480418
.cartabcc.it/ Name: _fbp
Value: fb.1.1638277540864.186521636
www.cartabcc.it/ Name: WSS_FullScreenMode
Value: false
.cartabcc.it/ Name: cto_bundle
Value: HRefjl9wR0xHUCUyQlJnZWRaR0VRcWdobTZuRDRWUiUyRlFRU0tlTkYweEVZZ1YlMkJNSnUyNWhyRmxIYThEZ1ljMThpcklCMktqMThBSTJjNE1UdDI5RjcwSXZjNyUyQlp3aWpqS0VzSHhhRUxWZmhBRVJVQVFQJTJCcFBpa0k3QnUzMXpuS0h2JTJCb3A3T0N3SHElMkY2NEtVZHNSRSUyQkQ4c0lIUW53JTNEJTNE
.bing.com/ Name: MUID
Value: 3C5DE4E65650678B2718F419573B665C
.adnxs.com/ Name: uuid2
Value: 7582044981547839352
.doubleclick.net/ Name: IDE
Value: AHWqTUneSnBDRnZfn-0YomGyj3CWHnJbwY5mp1OYxFl1TV_fjOza2Vp2DJwoHLaWbwU
.yahoo.com/ Name: A3
Value: d=AQABBKUhpmECEJejbskYaPA_l8va50qiup0FEgEBAQFzp2GwYQAAAAAA_eMAAA&S=AQAAAjZlVP2HBkTAbNRN6VUBW9o
.360yield.com/ Name: tuuid
Value: 1336f4bc-eff0-423a-bd3c-d783ebd5d7e7
.360yield.com/ Name: tuuid_lu
Value: 1638277541
.pubmatic.com/ Name: PUBMDCID
Value: 3
.taboola.com/ Name: t_gid
Value: 32bee9e6-91d9-4b65-b8b3-65e2bf9dfd92-tuct89fa725
.360yield.com/ Name: um
Value: !38,a.Nms-PgLAzd77O1fW1yAZqt0yDk77ncIEiAKDAl.91usannl6YrEGNlPTEsJX9Jvhd5pTX0,1646053541
.360yield.com/ Name: umeh
Value: !38,0,1700485541,-1
.casalemedia.com/ Name: CMID
Value: YaYhpbE10VTvRulW2jQaXwAA
.casalemedia.com/ Name: CMPS
Value: 299
.3lift.com/ Name: tluid
Value: 18189104882095291237
.casalemedia.com/ Name: CMPRO
Value: 295
.casalemedia.com/ Name: CMRUM3
Value: 1461a621a52760k-SvMr8uwuHoplkJMPFJsf4Qkq7HONR4xQCIRW3A
.casalemedia.com/ Name: CMST
Value: YaYhpWGmIaUA
.sharethrough.com/ Name: stx_user_id
Value: 65b93673-a740-4a54-a818-379deca6b341
.media.net/ Name: visitor-id
Value: 2812791412311089000V10
.media.net/ Name: data-c-ts
Value: 1638277541
.media.net/ Name: data-c
Value: k-YdGUsuwuHoplkJMPFJsf4Qkq7HN2dDDtWi6glA~~3
.bidswitch.net/ Name: tuuid
Value: 14072d04-a85b-4d48-8303-1d1b0d2f5ef1
.bidswitch.net/ Name: c
Value: 1638277541
.bidswitch.net/ Name: tuuid_lu
Value: 1638277541
.advertising.com/ Name: APID
Value: UP389e7163-51de-11ec-8c54-022e3a216146
ads.stickyadstv.com/ Name: UID
Value: 9f3642ee7b84372ade46d929411f25ed
ads.stickyadstv.com/ Name: uid-bp-11554
Value: k-cOwU--wuHoplkJMPFJsf4Qkq7HNAerk18UUN5Q
ads.stickyadstv.com/ Name: sessionId
Value: 4d16309f5611839821b0f6f7d7efd86e
.outbrain.com/ Name: obuid
Value: d70f0cbe-9cca-41f2-b75f-6d6a4de60dbb
.outbrain.com/ Name: criteo
Value: k-o3GwE-wuHoplkJMPFJsf4Qkq7HM-fe7vRNxmdQ
.adnxs.com/ Name: anj
Value: dTM7k!M4/8D>6NRF']wIg2E?#H@!2l!EKw)06K+2*qF1`*bcr:%I7#-
.mgid.com/ Name: muidn
Value: lauFMhZh3x55
.mgid.com/ Name: __cf_bm
Value: oraGu09aqCknXjvR71FNxBFeTOK8fpL23nl7024dx9Y-1638277541-0-AZA4cmEVEx/jxYYr++Kq1HIQkwRxdau2DsUky6N0ufLwyLZnnxXumQSU6e/HLZxBya8RpXOSegLcgZqtR6mBWKA=
.analytics.yahoo.com/ Name: IDSYNC
Value: "18zh~21tp:1761~21tp"
.yahoo.com/ Name: APID
Value: UP389e7163-51de-11ec-8c54-022e3a216146
.yahoo.com/ Name: APIDTS
Value: 1638277541
cm.mgid.com/ Name: mg_sync
Value: {"617660":1638277541}
.yieldmo.com/ Name: yieldmo_id
Value: g5075590c1a7b67af463%7C1638277541861%7C0%7C
.ads.yieldmo.com/ Name: ptrcriteo
Value: k-1cfQa-wuHoplkJMPFJsf4Qkq7HNjHOpbGKj6zQ
.liadm.com/ Name: lidid
Value: 59dbacb9-496e-4908-8b76-0c3b34458797

408 Console Messages

Source Level URL
Text
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 8)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".
security error (Line 6)
Message:
[Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

5139589.fls.doubleclick.net
ad.360yield.com
ads.stickyadstv.com
ads.yahoo.com
adservice.google.com
adservice.google.it
analytics.google.com
c.bing.com
cdn.stickyadstv.com
cm.adform.net
cm.g.doubleclick.net
cm.mgid.com
connect.facebook.com
connect.facebook.net
contextual.media.net
criteo-sync.teads.tv
dis.criteo.com
eb2.3lift.com
graph.facebook.com
gum.criteo.com
i.liadm.com
i6.liadm.com
ib.adnxs.com
match.sharethrough.com
matching.ivitrack.com
mug.criteo.com
pixel.advertising.com
pixel.rubiconproject.com
r.casalemedia.com
rtb-csync.smartadserver.com
s.ad.smaato.net
s2.adform.net
secure.adnxs.com
simage2.pubmatic.com
sslwidget.criteo.com
static.criteo.net
static.xx.fbcdn.net
stats.g.doubleclick.net
sync-criteo.ads.yieldmo.com
sync-t1.taboola.com
sync.outbrain.com
track.adform.net
ups.analytics.yahoo.com
visitor.omnitagjs.com
www.cartabcc.it
www.facebook.com
www.google.it
www.googleadservices.com
www.googletagmanager.com
x.bidswitch.net
104.111.242.245
104.19.132.78
13.248.245.213
141.226.228.48
142.250.185.226
142.250.186.66
149.154.92.61
178.250.0.157
178.250.0.163
178.250.2.151
18.156.0.31
18.157.150.79
18.214.196.229
185.255.84.152
185.33.221.13
185.33.221.90
185.64.189.110
185.86.139.115
2.18.234.21
2.21.140.74
2.21.142.210
2001:4de0:ac19::1:b:2a
216.58.212.166
2600:1f18:444a:4680:469d:1ee7:c700:42a5
2600:9000:20eb:9000:1b:5138:8a40:93a1
2620:1ec:c11::200
2a00:1288:80:800::7001
2a00:1450:4001:80f::200e
2a00:1450:4001:812::2002
2a00:1450:4001:828::2002
2a00:1450:4001:829::2008
2a00:1450:4001:82b::2003
2a00:1450:400c:c08::9a
2a02:2638:1::3
2a02:2638::1c
2a03:2880:f01c:216:face:b00c:0:3
2a03:2880:f045:12:face:b00c:0:2
2a03:2880:f11c:8083:face:b00c:0:25de
3.127.120.47
35.157.177.200
35.186.243.160
37.157.2.238
37.157.2.247
37.157.4.24
54.246.208.198
54.84.59.211
64.202.112.159
8.39.36.141
0415736d61407b163bfdccf8d5564e10e515abf89cb0c4bc72e3a9a975967335
05978957c6c8b028f2785dc77271c286bfac76e30b7bcd7e835c2927fbe897cf
083676345d3d4780868d7082af80b98cb33a9c28945dfdebb64b8859f62b8e15
09023baefad81ce5066da12f63dbfd860f1321097977c6994d7862905f18da76
0975f6be2bbe94c6dcd7aa7546c758afa362b98968207acd4db1f7b57fa9ae21
098c1d66ca6ac145edf6dc127803d5409064e1985e40a112fe52b36f2a130ae9
09ade0062ce21dde03dec21e9dcdddfacc765a4e22d800cc5bf06a363a49681a
0b6ee815005e308fb4ed57e68792ac193f50b8228669a96e74fd143ceb09660e
0ed8f1bb12a6fc3ca72807e31da80f9e883f09816b7459674301a168cf15e90d
0f4a284e4e5fc437bbf0aa321373d29447fc580592a85721775a9f001df3a9a6
101cf54c0b669349a1fd5ab1935464a9a9645eb48fcae4cc2633a854444a501d
10d8d42d73a02ddb877101e72fbfa15a0ec820224d97cedee4cf92d571be5caa
13d8206e6dcb19f6362581ec12b009524c1bd131d45722b61094436bca79445b
14173b2fb370c55d9859a7e1bb87d0b16250f46e14696ac035c6d8fde22a8306
14c7f3592be7d72bccb6c3e7d8ffaeffd31270c40885e109782fd46ba721d338
17b988bc33e2b6c542f866ef473aaa3d20a9d4536a1ca636c061c5011a5ac5a1
19836f0667c43dd73ce40047f01519a06e750972f9dad33ef4313d652eb49e87
1b3d01cebe00670eeed492b5e4edec8d4c7056cce5b597a6c8c94f0c1f9119bc
1b70ec41a84b82047cd2935f6ac76c0d0ded50ec6a65b725f2b2abaf5edbfb6c
1c7a6058854929580ce5206613f1676830507804c1d194b7de049d1809bed9b2
1d2f16d480ffde58cf9d6ff4e57cf9c21ed2f5515cf2f1a74daefe5107e10985
1eaecb92e4a26d061539964caebb1ffcf87858a5db08eccdf2345b1a547e2019
1ee9d84d2672ca8a499d2218ffe73d5d9ce86c69861864a22fc3afc3c462d2aa
20da2267ae5830a4c79483f48586f7c14d98ba433e9ef1e74a9de00bbe4335b4
2167d6069e570bbe78187cd7f9dfe60bc6483d17bb81974825b26a8af1beb3f9
24eb071c600fe4a3ba31ac2c4f33c34eac3b3780ac8c8f5924bcf00d66acfa73
2563ca062d2fb21da1ec427412b982b02799fdcb75db6522ef3a777d2235c0ca
284a56c4ba4ca9f30a494fcb4f75c23f5253547bad735ef51158df6dfc90c915
2944acfdff85dc6308cf8a2766b6efce9ec63fc8356fd5118a98001b936e50dc
29c1e4c54c76ab5712680e54c0b69efdb2db355d19e47826ad74e9971b6cbe42
29fb2a35c616c1546692d8d26167b6af206db3c95a970c7cc1d12d89e38ec035
318d7b10f08b02ff518c5c74e6fcc8fc075ae5023d27e6c9859a6ba2519950f6
31cccd6f55aa480629657cb5458f989c9f5361b1b45bab9047fe21f1375370a5
3223ccaa46f2320f7d698bc38b969c5baf6e33d4dc2f291bf770bdb24e7b34d7
328e90a318268aea96180cc31666ae6d6f79d90d078c123bc3d98ee08a192fb7
3319b642d9a9c2d3be976dd64e236792e1941e2ba84764cc15f8e24f946eb057
33a615b30f0b0648a299b0d7e7f57e6c5a1b52cfcc831b3572c1f6ff77c1e2b1
368988b8aad8a0bbecd67db9a0a16a7760af07094e5613d7e0a8bda650b22b2d
398cdf1b27ef247e5bc77805f266bb441e60355463fc3d1776f41aae58b08cf1
39d8a7c6a401b46ed1ca1094cd0ace7c9e1356661e9c37d39848a8c2799afa94
39e8386b4e8a4a0ba1de3031f050265df97f635c9d30990212970a79b14d5726
3a1899fdd2df51cb258831412da0b42457621acd71e23318d537047c373f9520
3c8cca8f79a813ccbc3683de3169c70c385b8bec34e0b383d05ef904c8b020cb
3d393fb4fa5aed6c21023b8981fb1bc69c5e566d0d3807cde55a8484fee9407d
3ee5d3987c846f18daeddbff3ba8632177ed5f8fb3d586d86aed0d749fd9c6df
40732e9dcfa704cf615e4691bb07aecfd1cc5e063220a46e4a7ff6560c77f5db
4112275fe878d4b037316a449f7516817d3c7da7839eb532b81c80b309b36df5
4169d55735350781457e5ac29845c8296f3e5f8880268b7c35ace7781d9bf03b
4286cef9f114568ff20fa78920a832a60158f94533713845730ac41a934d08a5
42b976597a2d977d0e300f6d06bc903db389e5c112d33c1c8c249690a522d9f2
42cb30500358c7f019ee93575e48d523d0931fa3b75de43868b03d66f3e0fb74
4323f8ddb7c570311f9ccf5035c68d856bfe0cda1865097d8fe13826c02590c6
44a9857df6a0e751a7c7a2fee5076c1a16575ccb524e53d26cdbb6da90b2310d
44fdd1eb3c024fe9fb4faeb815b2367ace182437a87eb25a75d7802d0f3c88c0
462bc67f383c00cd2f09afa83f4ab70ad9ece0e14310a0e1c381a902db6ee2ce
470985029a73c80df15aaffe3cbed4b09c49801c381c82ce704595d7c0bbcc0c
4b5b6b15c6255109e06720cce42a06d3aead8b7874423d9c52cb0303212c25ef
4e0705327480ad2323cb03d9c450ffcae4a98bf3a5382fa0c7882145ed620e49
4f9b12ff6d6bcfe24b3908b5b4653b2769d650b5aafcaa9ad983a521dd9a4491
528d30b6dbe6422fa5cb80857cc760cc07156da2f76fdec99c5a86400d9e739e
548f2d6f4d0d820c6c5ffbeffcbd7f0e73193e2932eefe542accc84762deec87
55a490329010041abb0982e8fb65d384ea8307e3849deaf5792e071b71496806
57230c28fa1f6b89132cc6b45879cb0d76dc06be76f5160f037b6243b76ee282
5ae0cd8647ce25c3caa7cf5155b4b3e7120f537004f5f34569b261f4dc792fb7
5d6530cc412e24cb8226231d03d1b6fd799e6efe62c273eb38da7e943d115ab4
5d9862c186718bb6f766954530b787379a6ef8a9fdc50d913d4342843e1ee43b
6019c3c9e47dc991f8d9937deafbb0740c2e61e321324798cb508773b0814824
615494a93f61434c21c6a35e51b508950d66d7784b2f4deb10b7a904b4cca17c
637ad492737f2b4dd321b6376f85df9ae0318e058256f4ef8d46ba99346bb01a
65d9f134351cfb463a24469e3767a725acb365c1140c683b72716f4a8c29a0d0
65e7768aeab15b4491a1bee61adf4cd77f7014984ac0bb404959af7acb86fa10
663c4a5f602e171f5f8cfcd8002ea6a4a2e87b45ec771ad5e2bc5ff0866b46aa
66b804e7a96a87c11e1dd74ea04ac2285df5ad9043f48046c3e5000114d39b1c
687d5823bd2024aea8f7a887a96f0a5bc17a9ea94e4bc4f803df57ba0510dc2e
6b29e3ddb09886db2f0ba25d3842c850d302cefb75705eac51488be724e59837
6e1359cf3dc38872322d3a9f39f76593dd7dea548416b92173d8ec75b59ce261
6fec58a48598613c8a4d19fb461f024ba975d146fc0426514c1b4a4637ccdbed
70cb1295d004ab61a42f1aed2375d5a4f82094c3cd4e6de701ab46a6e06932d1
725465141f582e4a1530401e4372f289e3ceadc3d9486d70a258a9e61d80691c
75329a0036d550283e35ef260a99a40e4f0b3860128afb9a601f5d8aaf2a67da
7588a3068e2520e236ee7708b08636bc587d79ee0c3e1ce13f31e860c5a00936
75c601b64fef79cd7e2992c5f1715697e533e4d46737aef3f2e2980b34c19504
798fcc311737a033dc548d9b1bccce0ebdf34a40ab1995d90301e39e01dc16d3
7ae33ab34c0cc4321f009d234844837244b763b76b3a1769621f9619f849cfe2
7bc15156bfd0c994eb416710df6402ae66bde703b16f0b494fbea7f4b6f9d5db
7bdf22ffb529e43c1d080e28259c013b75e377c229b740c123c6849af49e8f66
7dc834abf7aa8506dabac1e129f07fabfadd806af2ea045fc04d05341ed06a88
80fb3e76ddde2313ad4c6b34b06b8d42d3a4d2fd628861fec955e70bf99e5eaa
832f63f4187160c195b04f1911c2e623a75e805f4b23abb9b0bea214b4283a43
83553d22ccd56e5576d544f6ba93475c712b3c02d312893eea2acc16de5fcf91
87c0ba07e79ba24acaedb7c0ffb79aed84a0876dc99ea17b44d92898c1920636
89fe0ee6020314794fc2cfeacf3d10c31050cfe56f8ebddf1ed0a33fbe941fa7
8af93bd675e1cfd9ecc850e862819fdac6e3ad1f5d761f970e409c7d9c63bdc3
90866a1ecb4b2d71afa0657bbc4426ff1c65cd950bb7c7610420fdb25000bc94
90aecf63f7b3c11b09a5f941b1ae98a5450458111d7940359ea4eda181f079e8
932cc94b7b1b4e13b29e88c8f909d29d12bb6eb3e2688885f462187985e5bb7e
958431af002b443e91772376e40f97e48ad72064379a9b52ed166679e5f7ccf5
96ed2223d2d8f0ee570a2f28acd2fe7ff3c490a8e95726e178e025a2cd3b6d3c
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9eeec5a5fe940a31de261545439b0d349056e859045dc8c0a60e849b2bfcdaea
a1fddf4d5fec5f577b977db5c16c6582c1768324262382650fce903a37d73ab6
a4ec6f94a0b8da689d7e44343539adbcd049e2aacb981a6cbc4891bbd051bae9
a4fa05f8818635de315841a7d5efc17424ac4fa7aa796195f3cb83b09ec81dcb
a5c277cb9c2bff3a7ebffc13f04997021c12a83c8b101e6e03330676bec5808d
a6ca968cdd211c37a79a74d53c3222d6a49a10ebeccf7964fa590a642b0e76bc
aa03dc59bdca72631d2301e4297cfa030bd31b907dc138e7b973d12311c90a22
ace45b46ac17a67385d5531e52dd00c52b17329a911ad2548954a11b2ad6f1d4
af44c83f737c501b3862145a4a30d18f780168a429f94c9a6ef90b71f464c858
b1442e85b03bdcaf66dc58c7abb98745dd2687d86350be9a298a1d9382ac849b
b23807a4c5d90afca0dc47d688c0a05302779429dab75f5e6182562dcc2970f6
b4ff860133d8c85a28926a7e93aa7f45f374ae6277b16c79f37356b81b18b602
b8fbf8d23cb7158e74924a38361e3ba96a4044e57677d3dbf2d45fa93e4cb2de
b99a4e345c89904d21e117884bd9937c82ec33ec549984b91d873833e04e7bd2
ba401b9425b04169c4d1b9ba0177fa7a580ab58835f7727cc07e10d47f692f80
bac8ff581e03d5cddceb07b56b306727bdd4e28b77751f2eccf2dfa97b2eea90
bb229a48bee31f5d54ca12dc9bd960c63a671f0d4be86a054c1d324a44499d96
bc079e5a4e58c7446ded814230e4733efdae98cfbfde22445fdb72b723624f86
beaa74a3337db035766f890b60e7e5da285f1393b3565f09799e278e4e09b46c
c38f09f7cbd22ed93585150ca71f950737ffc04b4edef1494fafb79019fa267d
c61a0c4884129778832dd953bca05f2743c626d4c163d30e3fb27baf0a799544
c9d8e86ad4888f92124a40bc827b81030f78603e845331440c79b9ffecc65c10
caa849b179befa2645a8e2c474d2e82a76777a3305315ece911013e8ee9a916c
cb52bb4f72aa07d6d58a515642e9eb129becc794f5aa9e6073a8e80a9ff32cf9
cdaab006d7b729b3d083a5e35c202f4339c2e493abffc8de9f435718d040a7b6
d1371feb0512d700cf724b05a588ce79f8d8dfbb0991ae5f45ecd3ab08983a38
d1f1ce1c58a73639fdf1712d8f18afe7b201c666b3de4bcb995e1bc95b0c3124
d36d9109275ca93d47589862c92e2ba34b58cc1a67541fe8ee3417ffd6b7c306
d49379cc8f2f7ce47695fbc18e2d992ad79b2c414b3e29fef8b39ec1165f30aa
d5fd173d00d9733900834e0e1083de86b532e048b15c0420ba5c2db0623644b8
d9ad820e147680f85136b0af7b33d79e9d2cbcf4d259fd010e4b8f9b4c1e5d31
d9feb97bc5878582865e38229057d6259b69d5dc9efcd8043580368164eeca25
da59c9a6d87cd2e0ffbea8e893e16d3b87cbdd106313900bee85918a256f5c5a
dbea450eddd30570791d7f3f15b7bf273906873af292025ade3dbfffb0d5de58
dcda9469e8f63a870df774bc9e46a0d53387e493fe43dd3724d024ae2d09f33a
dd7b97c7ad9d7b3eb79bdc728bcbc6a7ab8e3d5db0421fb0dd16d34f3dc88277
df0d34a8dfd2be2c60889e634b5fdad3d1bad855881735b33c671e84e4f1e182
e0e6a5cf7ea3142bc39e8ac5a3df12c28968d395db15430b6473d4e1262175ba
e2ee2027e3134d65c4701f15e3e2c0dd4695ad74455ce35c5c59c8938c7a046a
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5c750ac2f038732ddd1eed5cd3c58b3ee2b0fb3a207fb55525783d412c8a160
e7928d115bbeade4591d6525789a360c001c03098286dec2bcdf64272897146d
ea229dc845952b01f28d60d13dfcce83fd0b3c1857e29ea610f699253151d08c
ecfd2e614ba18324cac553450522e0644b616963a123eb310c7cf2011a2d2efd
ed91fbb0cd9308f91f8e1fd93942c94ee850fc4161ed788b16f801b743c70b9b
ee3609236eefa18dc2a4d57e0e4352626e646f3fc435e231432b5d7fbec53fa4
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
ef8cf94a963a74f0c3acfbad1c5df4109c0dad18987055ed7926e11292ad5515
f04b517ba5d6a0510485689a3e42dac000f51640fd71b986804cba178eae42a5
f210607fbd2ee60fe559b003e3204e57d9c2b78d9bab99d0861b6bfee943dee9
f3a64f1aa0764e55c6ae52bebd629957c6c1f389d138eb7e8c772d9c6c410fc7
f964b6cdc8fc810fb7852dffff4e208a7ad506b4dab2a23899b4e75d7289fe6f
f98b9217f41d70643fbe413ec1d526ebd8524cec86f38e16f5bdaea6d281f40b
f9ddef4e3eb4f7ddb5397c52bdd0bed3e5aa3e489075913b590ecf422d2063f7
fd64cd355a393eb0e75ffb097014deab7e585e38fb57348dcc3f6bd8998d3328
fdb583e2bee22858e3b3e3e046daa26bda50f7e36786dd6f0996210d908a44d8
fe185d11a49676890d47bb783312a0cda5a44c4039214094e7957b4c040ef11c
fe5690c827f2403d06acb35ca7b67743ef538336ae621a1de88a2623b63b0a68