Submitted URL: https://www.loopbank.ca/
Effective URL: https://app.bankonloop.com/apply/
Submission: On September 04 via automatic, source certstream-suspicious — Scanned from CA

Summary

This website contacted 21 IPs in 2 countries across 18 domains to perform 51 HTTP transactions. The main IP is 2600:1f18:16e:df00::64, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is app.bankonloop.com.
TLS certificate: Issued by E6 on August 16th 2024. Valid for: 3 months.
This is the only time app.bankonloop.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 198.49.23.144 53831 (SQUARESPACE)
14 2600:1f18:16e... 14618 (AMAZON-AES)
4 2600:1400:900... 20940 (AKAMAI-ASN1)
2 2600:141b:e80... 20940 (AKAMAI-ASN1)
1 2600:141b:e80... 20940 (AKAMAI-ASN1)
5 157.240.241.1 32934 (FACEBOOK)
2 3.96.78.12 16509 (AMAZON-02)
3 2a03:2880:f11... 32934 (FACEBOOK)
2 2607:f8b0:400... 15169 (GOOGLE)
1 52.34.216.193 16509 (AMAZON-02)
1 2600:1400:900... 20940 (AKAMAI-ASN1)
3 2620:1ec:33:3... 8075 (MICROSOFT...)
1 108.138.128.28 16509 (AMAZON-02)
2 157.240.241.35 32934 (FACEBOOK)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 18.116.207.239 16509 (AMAZON-02)
1 34.120.195.249 396982 (GOOGLE-CL...)
2 2607:f8b0:400... 15169 (GOOGLE)
1 2607:f8b0:400... 15169 (GOOGLE)
1 52.15.111.6 16509 (AMAZON-02)
51 21
Apex Domain
Subdomains
Transfer
14 bankonloop.com
app.bankonloop.com
7 MB
5 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
3 KB
5 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
165 KB
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 669
px4.ads.linkedin.com — Cisco Umbrella Rank: 7330
2 KB
4 site.com
loopfi.my.site.com
23 KB
3 bing.com
bat.bing.com — Cisco Umbrella Rank: 534
15 KB
3 typekit.net
use.typekit.net — Cisco Umbrella Rank: 1178
p.typekit.net — Cisco Umbrella Rank: 1499
47 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
2 ap3prod.com
capture-api.ap3prod.com — Cisco Umbrella Rank: 86932
5 KB
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
201 KB
2 salesforce-scrt.com
loopfi.my.salesforce-scrt.com
18 KB
1 autopilotapp.com
accounts-api.autopilotapp.com
3 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 110
1 KB
1 sentry.io
o161107.ingest.sentry.io
511 B
1 cdn3l.ink
cdn3l.ink — Cisco Umbrella Rank: 237303
30 KB
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1884
14 KB
1 amplitude.com
api.amplitude.com — Cisco Umbrella Rank: 3376
190 B
1 loopbank.ca
www.loopbank.ca
170 B
51 18
Domain Requested by
14 app.bankonloop.com app.bankonloop.com
5 www.facebook.com connect.facebook.net
app.bankonloop.com
5 connect.facebook.net app.bankonloop.com
connect.facebook.net
4 loopfi.my.site.com app.bankonloop.com
loopfi.my.site.com
3 px.ads.linkedin.com 1 redirects app.bankonloop.com
3 bat.bing.com app.bankonloop.com
bat.bing.com
2 www.google-analytics.com app.bankonloop.com
2 capture-api.ap3prod.com app.bankonloop.com
2 www.googletagmanager.com app.bankonloop.com
www.googletagmanager.com
2 loopfi.my.salesforce-scrt.com loopfi.my.site.com
2 use.typekit.net app.bankonloop.com
use.typekit.net
1 accounts-api.autopilotapp.com cdn3l.ink
1 fonts.googleapis.com cdn3l.ink
1 o161107.ingest.sentry.io app.bankonloop.com
1 px4.ads.linkedin.com app.bankonloop.com
1 cdn3l.ink app.bankonloop.com
1 snap.licdn.com www.googletagmanager.com
1 api.amplitude.com app.bankonloop.com
1 p.typekit.net use.typekit.net
1 www.loopbank.ca 1 redirects
51 20

This site contains links to these domains. Also see Links.

Domain
www.bankonloop.com
Subject Issuer Validity Valid
app.bankonloop.com
E6
2024-08-16 -
2024-11-14
3 months crt.sh
prod.cdn.salesforce-experience.com
DigiCert Global G3 TLS ECC SHA384 2020 CA1
2024-03-06 -
2025-03-04
a year crt.sh
use.typekit.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2024-08-27 -
2025-09-27
a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA
2024-06-13 -
2024-09-11
3 months crt.sh
scrt01.uengage1.sfdc-58ktaz.svc.sfdcfc.net
DigiCert TLS RSA SHA256 2020 CA1
2024-01-29 -
2025-01-29
a year crt.sh
*.google-analytics.com
WR2
2024-08-05 -
2024-10-28
3 months crt.sh
*.amplitude.com
COMODO RSA Domain Validation Secure Server CA
2024-01-31 -
2025-03-02
a year crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA
2023-12-13 -
2024-12-12
a year crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 04
2024-06-19 -
2024-12-16
6 months crt.sh
static.ap3prod.com
Amazon RSA 2048 M03
2024-05-15 -
2025-06-14
a year crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA
2024-08-27 -
2025-02-27
6 months crt.sh
*.ap3prod.com
Amazon RSA 2048 M03
2024-01-16 -
2025-02-13
a year crt.sh
ingest.sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1
2023-11-02 -
2024-12-02
a year crt.sh
upload.video.google.com
WR2
2024-08-05 -
2024-10-28
3 months crt.sh
*.autopilotapp.com
Amazon RSA 2048 M03
2024-03-06 -
2025-04-04
a year crt.sh

This page contains 2 frames:

Primary Page: https://app.bankonloop.com/apply/
Frame ID: 58F747EFAC73F602C87931C506426E22
Requests: 51 HTTP requests in this frame

Frame: https://loopfi.my.site.com/ESWLoopBotv21715445066578/assets/htdocs/sitecontext.min.html?parent_domain=https://app.bankonloop.com
Frame ID: 955F49BA4651A7D0DED8A89E6F06FCFF
Requests: 1 HTTP requests in this frame

Screenshot

Page Title

Global Banking for Businesses | Loop

Page URL History Show full URLs

  1. https://www.loopbank.ca/ HTTP 301
    https://app.bankonloop.com/apply/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Overall confidence: 100%
Detected patterns
  • <[^>]+data-react

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Overall confidence: 100%
Detected patterns

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/ns\.html[^>]+></iframe>
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js

Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js

Page Statistics

51
Requests

98 %
HTTPS

52 %
IPv6

18
Domains

20
Subdomains

21
IPs

2
Countries

7624 kB
Transfer

18571 kB
Size

15
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://www.loopbank.ca/ HTTP 301
    https://app.bankonloop.com/apply/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 33
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567820&time=1725446827537&li_adsId=277c792b-e1f8-41da-9994-18c172b0ffa3&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567820&time=1725446827537&li_adsId=277c792b-e1f8-41da-9994-18c172b0ffa3&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&e_ipv6=AQLCaQXATj_MEQAAAZG8pS6hh33ibZtE1-mhZjhgJ734lv7XCwZGdZ2oItdQ6vizcIsFkL5J

51 HTTP transactions

Resource
Path
Size
x-fer
Type
MIME-Type
Primary Request /
app.bankonloop.com/apply/
Redirect Chain
  • https://www.loopbank.ca/
  • https://app.bankonloop.com/apply/
7 KB
3 KB
Document
General
Full URL
https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
5d6e09e9dc412d7b0cf4a9d61faa9249742b2a113bd03ac237e7e8defbf88b34
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
age
27697
cache-control
public,max-age=0,must-revalidate
cache-status
"Netlify Edge"; hit
content-encoding
br
content-length
2709
content-security-policy
frame-ancestors 'self'
content-type
text/html; charset=UTF-8
date
Wed, 04 Sep 2024 10:47:04 GMT
etag
"9a3214a183f34d8cbb22921b6727bf3a-ssl-df"
server
Netlify
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
DENY
x-nf-request-id
01J6YAA87Z13CJRZ4DBF63NBWT

Redirect headers

age
564
content-length
0
date
Wed, 04 Sep 2024 10:37:39 GMT
location
https://app.bankonloop.com/apply/
server
Squarespace
x-contextid
eeMEfWzz/Op8s8FxN
2.295448d9.chunk.css
app.bankonloop.com/static/css/
36 KB
6 KB
Stylesheet
General
Full URL
https://app.bankonloop.com/static/css/2.295448d9.chunk.css
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
e7fd85c781d12e829f65ef9241a4ea9d16c0c9142276a12845a6542cf04c4808
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAA8A46VCG2V3MSGWB1Y87
content-security-policy
frame-ancestors 'self'
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
strict-transport-security
max-age=31536000
age
34038
content-length
5643
server
Netlify
cache-status
"Netlify Edge"; hit
etag
"2174642c679ada6614d3fbbf6e5e6244-ssl-df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
max-age=31536000
accept-ranges
bytes
main.3bf5c1d3.chunk.css
app.bankonloop.com/static/css/
207 KB
31 KB
Stylesheet
General
Full URL
https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
0b297a034bec9bf037273b94d64bfb8c37dde779db3d1b3f5c41101ab4a68a01
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAA8A49EEF9TS3EZ3K1PR2
content-security-policy
frame-ancestors 'self'
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
strict-transport-security
max-age=31536000
age
34038
content-length
31616
server
Netlify
cache-status
"Netlify Edge"; hit
etag
"c7804cb299242eb32bd8f4bdbe1c2eb0-ssl-df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
max-age=31536000
accept-ranges
bytes
bootstrap.min.js
loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/
64 KB
18 KB
Script
General
Full URL
https://loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/bootstrap.min.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7412 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
sfdcedge /
Resource Hash
a7806639142f9bb996c139f6954bba0423936d7ecc6af1748ab72025a475210b
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
x-sfdc-request-check
2
akamai-grn
0.4c747e68.1725446824.310023ac
content-length
17505
x-xss-protection
1; mode=block
x-sfdc-edge-cache
MISS
referrer-policy
origin-when-cross-origin
server
sfdcedge
etag
"b68cc366d0--gzip"
x-sfdc-request-id
1c0cdf6e819786ec6de29118265d25d8
vary
Accept-Encoding
x-origin-cache-control
max-age=60,immutable,public
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=48
origin-trial
AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
2.d8fcbfb7.chunk.js
app.bankonloop.com/static/js/
4 MB
1 MB
Script
General
Full URL
https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
46a54c37fbefe36ddff9abfd91f027907b093eef8820afd1d810cdfe89da0e86
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAA8A4MQE4WTEWZQD1HNQH
content-security-policy
frame-ancestors 'self'
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
strict-transport-security
max-age=31536000
age
37416
content-length
1089083
server
Netlify
cache-status
"Netlify Edge"; hit
etag
"a012f53bea9ff58c1f47c654aae7ea96-ssl-df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000
accept-ranges
bytes
main.dd872666.chunk.js
app.bankonloop.com/static/js/
9 MB
5 MB
Script
General
Full URL
https://app.bankonloop.com/static/js/main.dd872666.chunk.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
d573968b05b0ef1d68a8985639c2eb8d3d972c75e735df1d983d934d80b73fb4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAA8A4K98KK6FFCFXS35J1
content-security-policy
frame-ancestors 'self'
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
strict-transport-security
max-age=31536000
age
12107
content-length
5753070
server
Netlify
cache-status
"Netlify Edge"; hit
etag
"9e1a7f0772d4d6601c66b2f1ea4bd932-ssl-df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000
accept-ranges
bytes
qhk8jkt.css
use.typekit.net/
5 KB
1 KB
Stylesheet
General
Full URL
https://use.typekit.net/qhk8jkt.css
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:e800:5b::17ca:3d7c Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
2aa142f63965a880e22328442493b4fdd370eb1cb439ef186ac6998faa006a35
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains;

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains;
content-encoding
gzip
date
Wed, 04 Sep 2024 10:47:04 GMT
server
nginx
vary
Accept-Encoding
content-type
text/css;charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=600, stale-while-revalidate=604800
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
885
p.css
p.typekit.net/
5 B
172 B
Stylesheet
General
Full URL
https://p.typekit.net/p.css?s=1&k=qhk8jkt&ht=tk&f=10879.10881.10884.10885.15586.32874&a=65597369&app=typekit&e=css
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/qhk8jkt.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:e800:5b::17ca:3d6f Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb

Request headers

Referer
https://use.typekit.net/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:04 GMT
last-modified
Sun, 21 Jan 2024 12:50:46 GMT
server
nginx
etag
"65ad1326-5"
content-type
text/css
access-control-allow-origin
*
cache-control
public, max-age=604800
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
5
sdk.js
connect.facebook.net/en_US/
3 KB
2 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
b4b8d87527a6e4ddea9cd02549ed9ee647ea9e326fa4d74013b9b0e6f010f20c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
content-md5
+QV48x1u0qUN35s/8NUgmQ==
document-policy
force-load-at-top
x-fb-server-load
41
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
1690
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=25, rtx=0, c=23, mss=1232, tbw=4358, tp=10, tpl=0, uplat=0, ullat=-1
x-fb-debug
ISEgU/t2WX1UEbs/gKRs9uJQAOdvD6TBuYmAjkY8H18DOnj0Gz1m/7SrmJhmkfdDs9jOH0CqGeFcwmgJG9whPA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
93b5ef40f0decc39a7f4fe30d0293c94
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"9f99c9e40e5db74d492f31f88694f457"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=1200,stale-while-revalidate=3600
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Wed, 04 Sep 2024 10:52:17 GMT
bootstrap.min.css
loopfi.my.site.com/ESWLoopBotv21715445066578/assets/styles/
14 KB
3 KB
Stylesheet
General
Full URL
https://loopfi.my.site.com/ESWLoopBotv21715445066578/assets/styles/bootstrap.min.css
Requested by
Host: loopfi.my.site.com
URL: https://loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7412 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
sfdcedge /
Resource Hash
fa5d6b2f64cba07e5d1570699393f2db2a0f87aff38fd4900cba20fdb5cf37db
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
akamai-grn
0.4c747e68.1725446824.31002a56
content-length
2487
x-xss-protection
1; mode=block
x-sfdc-edge-cache
MISS
referrer-policy
origin-when-cross-origin
server
sfdcedge
etag
"f94c5f61da--gzip"
x-sfdc-request-id
839c9a2df154c0be77d390a60e91a513
vary
Accept-Encoding
x-origin-cache-control
max-age=60,immutable,public
content-type
text/css; charset=UTF-8
cache-control
public, max-age=51
origin-trial
AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
embedded-service-config
loopfi.my.salesforce-scrt.com/embeddedservice/v1/
17 KB
18 KB
XHR
General
Full URL
https://loopfi.my.salesforce-scrt.com/embeddedservice/v1/embedded-service-config?orgId=00D3h000002BZkO&esConfigName=Loop_Bot_v2&language=en_US
Requested by
Host: loopfi.my.site.com
URL: https://loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.96.78.12 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-96-78-12.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
3fed24bc25b11746b65cfdef6a322bfa2f299e5ec9d31ec84ae764b47037bc5e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Sep 2024 10:47:04 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-scrt-correlation-id
ba0e2652ee647d86
x-frame-options
DENY
access-control-allow-methods
GET
content-type
application/json;charset=utf-8
access-control-allow-origin
https://app.bankonloop.com
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-xss-protection
1; mode=block
expires
0
businesshours
loopfi.my.salesforce-scrt.com/embeddedservice/v1/
0
37 B
XHR
General
Full URL
https://loopfi.my.salesforce-scrt.com/embeddedservice/v1/businesshours?orgId=00D3h000002BZkO&esConfigName=Loop_Bot_v2
Requested by
Host: loopfi.my.site.com
URL: https://loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.96.78.12 Montreal, Canada, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-96-78-12.ca-central-1.compute.amazonaws.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000 ; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Sep 2024 10:47:04 GMT
strict-transport-security
max-age=31536000 ; includeSubDomains
x-content-type-options
nosniff
x-scrt-correlation-id
e71eab7e5a53d247
x-frame-options
DENY
content-type
application/json;charset=utf-8
access-control-allow-origin
*
cache-control
no-cache, no-store, max-age=0, must-revalidate
x-xss-protection
1; mode=block
expires
0
sdk.js
connect.facebook.net/en_US/
305 KB
87 KB
Script
General
Full URL
https://connect.facebook.net/en_US/sdk.js?hash=a058ff9a13b1f3b0709b25889f02d491
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
fddd2cb0a4f24a1bedba9ffbeccb96f0f98e9976ac05ee35f928ce7eb4bcf164
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/
Origin
https://app.bankonloop.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; preload; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:04 GMT
content-md5
JHqyGWGKl+DTs+oyzAmktA==
document-policy
force-load-at-top
x-fb-server-load
40
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
89218
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=23, mss=1232, tbw=4316, tp=9, tpl=0, uplat=1, ullat=-1
x-fb-debug
/kxy52cwcNcWmsu3FoRgKrgACDD4ZB7nx24Cm5GDnowAtneZx2CqowGE298uBzgve9P5H4vsV5zc99qSqQ7cGw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
x-fb-content-md5
c7ee7a0e0a76212be1bd3c21d61e7f6d
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
etag
"374b94ce1d1471871e1972a662197901"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
X-FB-Content-MD5
cache-control
public,max-age=31536000,stale-while-revalidate=3600,immutable
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
x-frame-options
DENY
timing-allow-origin
*
priority
u=3,i
expires
Thu, 04 Sep 2025 08:49:45 GMT
sitecontext.min.html
loopfi.my.site.com/ESWLoopBotv21715445066578/assets/htdocs/ Frame 955F
0
0
Document
General
Full URL
https://loopfi.my.site.com/ESWLoopBotv21715445066578/assets/htdocs/sitecontext.min.html?parent_domain=https://app.bankonloop.com
Requested by
Host: loopfi.my.site.com
URL: https://loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7412 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
sfdcedge /
Resource Hash
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests; img-src * blob: data:; frame-ancestors bankonloop.com *.bankonloop.com loopfi--c.vf.force.com loop-bot-testing-site.webflow.io app.bankonloop.com app.preprod.bankonloop.com *.app.preprod.bankonloop.com app.preprod.getloop.ca *.app.preprod.getloop.ca;
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://app.bankonloop.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

akamai-grn
0.04747e68.1725446825.32a31454
cache-control
public, max-age=50
content-encoding
gzip
content-length
187
content-security-policy
upgrade-insecure-requests; img-src * blob: data:; frame-ancestors bankonloop.com *.bankonloop.com loopfi--c.vf.force.com loop-bot-testing-site.webflow.io app.bankonloop.com app.preprod.bankonloop.com *.app.preprod.bankonloop.com app.preprod.getloop.ca *.app.preprod.getloop.ca;
content-type
text/html; charset=UTF-8
date
Wed, 04 Sep 2024 10:47:05 GMT
origin-trial
AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
referrer-policy
origin-when-cross-origin
server
sfdcedge
strict-transport-security
max-age=63072000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-origin-cache-control
max-age=60,immutable,public
x-sfdc-edge-cache
MISS
x-sfdc-request-id
56417f058a4ae757f22e36e3dd59e3b3
status
www.facebook.com/x/oauth/
0
0
Fetch
General
Full URL
https://www.facebook.com/x/oauth/status?client_id=1248402045526434&input_token&origin=1&redirect_uri=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&sdk=joey&wants_cookie_data=false
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/sdk.js?hash=a058ff9a13b1f3b0709b25889f02d491
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=15552000; preload
date
Wed, 04 Sep 2024 10:47:05 GMT
x-content-type-options
nosniff
document-policy
force-load-at-top
x-fb-server-load
49
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
reporting-endpoints
default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410737685525772324", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=10, mss=1297, tbw=2764, tp=-1, tpl=-1, uplat=15, ullat=0
pragma
no-cache
x-fb-debug
1f0K7XCjEayvrBrgr8WGfnsR3k5NH425RUfIdeS+fG64EvFRGhTF5vulELKeIFVFJa8PD1mroH0IxFFQRnpr6w==
fb-s
unknown
report-to
{"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410737685525772324"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
text/plain; charset=UTF-8
access-control-allow-origin
https://app.bankonloop.com
origin-agent-cluster
?0
access-control-expose-headers
fb-s
cache-control
private, no-cache, no-store, must-revalidate
access-control-allow-credentials
true
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
inert.min.js
loopfi.my.site.com/ESWLoopBotv21715445066578/assets/js/
7 KB
3 KB
Script
General
Full URL
https://loopfi.my.site.com/ESWLoopBotv21715445066578/assets/js/inert.min.js
Requested by
Host: loopfi.my.site.com
URL: https://loopfi.my.site.com/ESWLoggedinLoopBotLoc1715285599480/assets/js/bootstrap.min.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::687e:7412 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
sfdcedge /
Resource Hash
aff5ba73419fed47f9c1daf8ebc000fc4bbe80758086ec9362578ebe003caa8f
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=63072000; includeSubDomains
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:05 GMT
akamai-grn
0.4c747e68.1725446825.31003325
content-length
2234
x-xss-protection
1; mode=block
x-sfdc-edge-cache
MISS
referrer-policy
origin-when-cross-origin
server
sfdcedge
etag
"b87e734187--gzip"
x-sfdc-request-id
f1aeefeb14bafb7161b2f5a58b062260
vary
Accept-Encoding
x-origin-cache-control
max-age=60,immutable,public
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=50
origin-trial
AhF0CFIKisg+QZcMOO1kPVkD9iTw2dNL70IIkolxErMm0SFOkAwM8DqJk/f3op6Tt2uphjYo6y6Au/x61Tjg/wIAAABZeyJvcmlnaW4iOiJodHRwczovL3NpdGUuY29tOjQ0MyIsImZlYXR1cmUiOiJUcGNkIiwiZXhwaXJ5IjoxNzM1MzQzOTk5LCJpc1N1YmRvbWFpbiI6dHJ1ZX0=
fbevents.js
connect.facebook.net/en_US/
225 KB
58 KB
Script
General
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 04 Sep 2024 10:47:06 GMT
document-policy
force-load-at-top
x-fb-server-load
31
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58936
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=25, rtx=0, c=26, mss=1232, tbw=8262, tp=16, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
sGolzYeTgxxHewxyE5/o2ZXXuH94jv93s3vUXfsXFlrnUb8F1QALnDHSO9iQK/y03rqPP1prDRJpXTrx1mYRzQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
gtm.js
www.googletagmanager.com/
266 KB
94 KB
Script
General
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-NFW7STR&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
d651575ebc0f22fe9312d469771e87ac2b63603ecdeb18e58a6eafd6cb1785fd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:06 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
95626
x-xss-protection
0
last-modified
Wed, 04 Sep 2024 09:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 04 Sep 2024 10:47:06 GMT
l
use.typekit.net/af/9b05f3/000000000000000000013365/27/
46 KB
46 KB
Font
General
Full URL
https://use.typekit.net/af/9b05f3/000000000000000000013365/27/l?primer=7fa3915bdafdf03041871920a205bef951d72bf64dd4c4460fb992e3ecc3a862&fvd=n4&v=3
Requested by
Host: use.typekit.net
URL: https://use.typekit.net/qhk8jkt.css
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:141b:e800:5b::17ca:3d7c Piscataway, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
nginx /
Resource Hash
2d36e12bfbde85feb98c8b66f8a4a40f9a5db6918f49234a2ddece526d933237

Request headers

Referer
https://use.typekit.net/qhk8jkt.css
Origin
https://app.bankonloop.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:06 GMT
server
nginx
etag
"55fe9b87c255317e1d82368c5c682cf8e7d33909"
content-type
application/font-woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
content-length
46668
3.d2d2cbd2.chunk.css
app.bankonloop.com/static/css/
3 MB
238 KB
Stylesheet
General
Full URL
https://app.bankonloop.com/static/css/3.d2d2cbd2.chunk.css
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
e41099be96a2549787088432fd1b903968f3537e17cc16e55d16ed145e289c9f
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAAB19NQ2SCP53VH91TJVN
content-security-policy
frame-ancestors 'self'
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:07 GMT
strict-transport-security
max-age=31536000
age
37419
content-length
243648
server
Netlify
cache-status
"Netlify Edge"; hit
etag
"84a6a22f7c65aa1533eb57d45d0abffc-ssl-df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
text/css; charset=UTF-8
cache-control
max-age=31536000
accept-ranges
bytes
3.22d08ae4.chunk.js
app.bankonloop.com/static/js/
295 B
407 B
Script
General
Full URL
https://app.bankonloop.com/static/js/3.22d08ae4.chunk.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
521f2c32a3843af885802d60a1d89a73caceb991b5a4a6d718b5e425025f152a
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAAB1CW6E733ETATPEBJKP
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
0
cache-status
"Netlify Edge"; fwd=miss
etag
"1fcb38696451019ae3870ffc57f80ecc-ssl"
x-frame-options
DENY
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000
accept-ranges
bytes
content-length
295
card-with-currencies-and-balance.5d05f958.png
app.bankonloop.com/static/media/
65 KB
65 KB
Image
General
Full URL
https://app.bankonloop.com/static/media/card-with-currencies-and-balance.5d05f958.png
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
a2eb3b70b75c7dfbf7a38e7a7652296a6a377230ca336b726d65a4359938f3f2
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAAB2HSGVHYXTJC6V8PR1T
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
37419
cache-status
"Netlify Edge"; hit
etag
"90842d1d35edce91c74db23025c05635-ssl"
x-frame-options
DENY
content-type
image/png
cache-control
max-age=31536000
accept-ranges
bytes
content-length
66389
/
api.amplitude.com/
7 B
190 B
XHR
General
Full URL
https://api.amplitude.com/
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.34.216.193 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-34-216-193.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded; charset=UTF-8

Response headers

access-control-allow-origin
*
date
Wed, 04 Sep 2024 10:47:07 GMT
strict-transport-security
max-age=15768000
content-length
7
access-control-max-age
86400
access-control-allow-methods
GET, POST
content-type
text/html;charset=utf-8
718914702285936
connect.facebook.net/signals/config/
73 KB
15 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/718914702285936?v=2.9.166&r=stable&domain=app.bankonloop.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
985ad0e2e0bcf6d32b28e51655c4f7025377174a5a526122242df3fba91f458f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 04 Sep 2024 10:47:07 GMT
document-policy
force-load-at-top
x-fb-server-load
28
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
14826
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=25, rtx=0, c=62, mss=1232, tbw=70278, tp=69, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
Ohg8gwcHZrIq6RjrVMw3ApkQt43U1bEptAOK/lJhg8mOBrDphaZUYvTvxCO3tZkdURZ+gB1mOGi5ALk9ard+CQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
js
www.googletagmanager.com/gtag/
326 KB
107 KB
Script
General
Full URL
https://www.googletagmanager.com/gtag/js?id=G-BWKR7WZKEF&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NFW7STR&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::2008 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
80754e81272c7d6b0767ec054040b9e69231465342bed1db326596c26b2f30d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:07 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
109593
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Wed, 04 Sep 2024 10:47:07 GMT
insight.min.js
snap.licdn.com/li.lms-analytics/
40 KB
14 KB
Script
General
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-NFW7STR&gtm_auth=&gtm_preview=&gtm_cookies_win=x
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:9000::6875:b621 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:07 GMT
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Thu, 22 Aug 2024 11:06:54 GMT
x-cdn
AKAM
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
content-type
application/javascript;charset=utf-8
cache-control
max-age=40086
accept-ranges
bytes
content-length
14628
bat.js
bat.bing.com/
49 KB
14 KB
Script
General
Full URL
https://bat.bing.com/bat.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 04 Sep 2024 10:47:06 GMT
last-modified
Sat, 13 Jul 2024 20:42:16 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 882C9A1373B14A7F9F9D420836748876 Ref B: BL2AA2010204035 Ref C: 2024-09-04T10:47:07Z
etag
"044982565d5da1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
14183
app.js
cdn3l.ink/
131 KB
30 KB
Script
General
Full URL
https://cdn3l.ink/app.js
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.128.28 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-128-28.jfk50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
4718afa4dfee3eaa80f6de824ecce8daa7474ebb3993c81679a178269e338870
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 08:39:05 GMT
content-encoding
gzip
via
1.1 0afec277ba3e75e96fa6b4c76d8e130c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
last-modified
Mon, 02 Sep 2024 04:14:09 GMT
server
AmazonS3
x-amz-cf-pop
JFK50-P4
age
7683
x-amz-server-side-encryption
AES256
etag
W/"e2e9a9128180deddaaba8a0e5e968371"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
public, max-age=3600
x-amz-cf-id
P8Q2wB55FCNZODXqKDLNdoGL4vqRu5ybVMkdLHFTjdAyR0Ag9Vf2ZA==
205948802150862
connect.facebook.net/signals/config/
26 KB
3 KB
Script
General
Full URL
https://connect.facebook.net/signals/config/205948802150862?v=2.9.166&r=stable&domain=app.bankonloop.com&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110%2C196%2C195%2C197%2C202%2C203%2C204%2C200%2C192%2C128%2C130%2C159%2C191%2C193%2C119%2C153%2C141%2C147%2C185%2C186%2C125%2C228%2C113%2C123%2C124%2C229%2C161%2C116%2C231%2C162%2C132%2C120%2C150%2C144
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.1 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-lga3.fbcdn.net
Software
/
Resource Hash
11d5a30b68ba8b19a61a19b1e712ae606d0da467e43b4f38c7a71159697d14b0
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 04 Sep 2024 10:47:07 GMT
document-policy
force-load-at-top
x-fb-server-load
34
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
3272
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=25, rtx=0, c=75, mss=1232, tbw=86100, tp=86, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
1wckuTwvs0YXpfdw0h3I0B8gtI0HkvNZuUeK2iN1PjJC3DY2/MddQrRFOPlllKEv6LyX95Q7E4hvsjdIK8pTnA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
174 B
Image
General
Full URL
https://www.facebook.com/tr/?id=718914702285936&ev=PageView&dl=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&rl=&if=false&ts=1725446827267&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725446827238.78303559248386713&cs_est=true&ler=empty&cdl=API_unavailable&it=1725446827146&coo=false&rqm=GET
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=10, mss=1297, tbw=4550, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 04 Sep 2024 10:47:07 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
2 KB
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=718914702285936&ev=PageView&dl=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&rl=&if=false&ts=1725446827267&sw=1600&sh=1200&v=2.9.166&r=stable&ec=0&o=4126&fbp=fb.1.1725446827238.78303559248386713&cs_est=true&ler=empty&cdl=API_unavailable&it=1725446827146&coo=false&rqm=FGET
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f112:182:face:b00c:0:25de Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Wed, 04 Sep 2024 10:47:07 GMT
document-policy
force-load-at-top
x-fb-server-load
40
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410737694886670688", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=10, mss=1297, tbw=4768, tp=-1, tpl=-1, uplat=67, ullat=1
pragma
no-cache
x-fb-debug
XRqnsrTgs6p5xGWXSH9IzkRZawCV76pQK+6+1zxyjhS4v3n+NB+MJayptSJgP8tmVyqESrt9tyKrfJLGTnn5bQ==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410737694886670688"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/
0
19 B
Image
General
Full URL
https://www.facebook.com/tr/?id=205948802150862&ev=PageView&dl=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&rl=&if=false&ts=1725446827527&sw=1600&sh=1200&v=2.9.166&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1725446827238.78303559248386713&cs_est=true&ler=empty&cdl=API_unavailable&it=1725446827146&coo=false&rqm=GET
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=23, mss=1232, tbw=4397, tp=10, tpl=0, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Wed, 04 Sep 2024 10:47:07 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/
67 B
195 B
Image
General
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=205948802150862&ev=PageView&dl=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&rl=&if=false&ts=1725446827527&sw=1600&sh=1200&v=2.9.166&r=stable&a=tmgoogletagmanager&ec=0&o=4126&fbp=fb.1.1725446827238.78303559248386713&cs_est=true&ler=empty&cdl=API_unavailable&it=1725446827146&coo=false&rqm=FGET
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.241.35 Secaucus, United States, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-lga3.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding
zstd
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; preload
date
Wed, 04 Sep 2024 10:47:07 GMT
document-policy
force-load-at-top
x-fb-server-load
43
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7410737693795337399", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=24, rtx=0, c=23, mss=1232, tbw=4717, tp=12, tpl=0, uplat=28, ullat=0
pragma
no-cache
x-fb-debug
qtKatwNPr559JYE5uuTm5ORTB8Ux8fO/D0ysHLYpYA/bgrE+vDMha8lxFpexu2zf8o8+q/UlgbxFb20YV4NHsg==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7410737693795337399"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
priority
u=3,i
expires
Sat, 01 Jan 2000 00:00:00 GMT
attribution_trigger
px.ads.linkedin.com/
2 B
816 B
XHR
General
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=2567820&time=1725446827537&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

Accept
*
Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:07 GMT
content-encoding
gzip
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 4D83DAB8C5FC484E8348CB120554CD41 Ref B: YMQ01EDGE0615 Ref C: 2024-09-04T10:47:07Z
access-control-allow-methods
GET, OPTIONS
x-li-fabric
prod-ltx1
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
content-type
application/json
x-li-proto
http/2
x-restli-protocol-version
1.0.0
access-control-allow-headers
*
x-li-uuid
AAYhSOU99DMhdg7Sef/Mvg==
x-fs-uuid
00062148e53df43321760ed279ffccbe
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2567820&time=1725446827537&li_adsId=277c792b-e1f8-41da-9994-18c172b0ffa3&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567820&time=1725446827537&li_adsId=277c792b-e1f8-41da-9994-18c172b0ffa3&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&e_ipv6=AQLCaQXATj_MEQAAA...
0
265 B
Image
General
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567820&time=1725446827537&li_adsId=277c792b-e1f8-41da-9994-18c172b0ffa3&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&e_ipv6=AQLCaQXATj_MEQAAAZG8pS6hh33ibZtE1-mhZjhgJ734lv7XCwZGdZ2oItdQ6vizcIsFkL5J
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date
Wed, 04 Sep 2024 10:47:07 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: FB1551C48512434FBAF6001D44A92F59 Ref B: YMQ01EDGE0614 Ref C: 2024-09-04T10:47:07Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
content-type
application/javascript
x-li-fabric
prod-ltx1
x-li-proto
http/2
content-length
0
x-li-uuid
AAYhSOVBcsBrzeT5LtDe7g==

Redirect headers

date
Wed, 04 Sep 2024 10:47:07 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: 931E9785E1514EE185C335500486C625 Ref B: YMQ01EDGE0616 Ref C: 2024-09-04T10:47:07Z
linkedin-action
1
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2567820&time=1725446827537&li_adsId=277c792b-e1f8-41da-9994-18c172b0ffa3&url=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&e_ipv6=AQLCaQXATj_MEQAAAZG8pS6hh33ibZtE1-mhZjhgJ734lv7XCwZGdZ2oItdQ6vizcIsFkL5J
x-li-proto
http/2
content-length
0
x-li-uuid
AAYhSOU9+VutlPTkH6cTOg==
343003777.js
bat.bing.com/p/action/
334 B
407 B
Script
General
Full URL
https://bat.bing.com/p/action/343003777.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Wed, 04 Sep 2024 10:47:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 0FC0E60E32034856B9A8313B0B199B9F Ref B: BL2AA2010204035 Ref C: 2024-09-04T10:47:07Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=1800
page-event
capture-api.ap3prod.com/-/events/
68 B
508 B
XHR
General
Full URL
https://capture-api.ap3prod.com/-/events/page-event
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.116.207.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-116-207-239.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
77842c6316e4eff571a79191bfcba0acd5c171254562f27bfb3e3d2f40be5da5
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

pragma
no-cache
date
Wed, 04 Sep 2024 10:47:07 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
x-version
master-2409030309-5751-7b35ff3
allow
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
vary
Accept-Encoding, Accept-Encoding
content-length
68
expires
0
green-bg-with-stripes-animation.4bfa7b50.svg
app.bankonloop.com/static/media/
25 KB
4 KB
Image
General
Full URL
https://app.bankonloop.com/static/media/green-bg-with-stripes-animation.4bfa7b50.svg
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
0c820bcf9035dcc9b497da00a6a96118baf6e9ec9e3bd3631b168f3298eabc02
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAABJHCXZ7Z3SX2REDVZ98
content-security-policy
frame-ancestors 'self'
content-encoding
br
x-content-type-options
nosniff
date
Wed, 04 Sep 2024 10:47:07 GMT
strict-transport-security
max-age=31536000
age
69200
content-length
3971
server
Netlify
cache-status
"Netlify Edge"; hit
etag
"28f052bf49fa55153d7078af55e376dc-ssl-df"
vary
Accept-Encoding
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=31536000
accept-ranges
bytes
truncated
/
185 B
0
Image
General
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
92c2683be6b442107242edb6de07ac4c349abdbee834ef7c46af6ec7d46c2eb8

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml;charset=utf-8
check.ebd5d2bb.svg
app.bankonloop.com/static/media/
518 B
612 B
Image
General
Full URL
https://app.bankonloop.com/static/media/check.ebd5d2bb.svg
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
e7270ad32da859eb75d80bdb7283769457c855b07422aec0b6277f3f442869c1
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAABK0ERHE1NQN3V1HJ63T
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
41685
cache-status
"Netlify Edge"; hit
etag
"c2938caaf577299b098af84fe7312481-ssl"
x-frame-options
DENY
content-type
image/svg+xml
cache-control
max-age=31536000
accept-ranges
bytes
content-length
518
ArticulatCF-Bold.df90318e.woff2
app.bankonloop.com/static/media/
24 KB
24 KB
Font
General
Full URL
https://app.bankonloop.com/static/media/ArticulatCF-Bold.df90318e.woff2
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/css/3.d2d2cbd2.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
6e35fd7ab2e65f78f2062fc9667e468e46af7cf91eb724ff438c3cab6bea0e2d
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/static/css/3.d2d2cbd2.chunk.css
Origin
https://app.bankonloop.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAABRHB0YCG59KR6QAVHT0
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
34039
cache-status
"Netlify Edge"; hit
etag
"bc97a25fdbd8e43efae753afcf552c6e-ssl"
x-frame-options
DENY
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
content-length
24344
ArticulatCF-Regular.91e71c46.woff2
app.bankonloop.com/static/media/
23 KB
23 KB
Font
General
Full URL
https://app.bankonloop.com/static/media/ArticulatCF-Regular.91e71c46.woff2
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/css/3.d2d2cbd2.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
4407e3fe2510b0b1ff88597669d30ae50787e36665806438a00763ad4eaa545b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/static/css/3.d2d2cbd2.chunk.css
Origin
https://app.bankonloop.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAABRHMTK1PXR5N60EKKA7
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:07 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
34039
cache-status
"Netlify Edge"; hit
etag
"4cac4ae5339cab5eb17bcef3fecd1e03-ssl"
x-frame-options
DENY
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
content-length
23768
/
o161107.ingest.sentry.io/api/5458552/envelope/
198 B
511 B
Fetch
General
Full URL
https://o161107.ingest.sentry.io/api/5458552/envelope/?sentry_key=40a7f9a68f374629bafecb268ce64869&sentry_version=7
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 04 Sep 2024 10:47:08 GMT
content-encoding
br
via
1.1 google
strict-transport-security
max-age=31536000; includeSubDomains; preload
server
nginx
vary
origin, access-control-request-method, access-control-request-headers,accept-encoding
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-sentry-rate-limits
60:transaction;profile:organization:transaction_usage_exceeded
retry-after
60
ArticulatCF-Regular.91e71c46.woff2
app.bankonloop.com/static/media/
23 KB
0
Font
General
Full URL
https://app.bankonloop.com/static/media/ArticulatCF-Regular.91e71c46.woff2
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
4407e3fe2510b0b1ff88597669d30ae50787e36665806438a00763ad4eaa545b
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/static/css/main.3bf5c1d3.chunk.css
Origin
https://app.bankonloop.com
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAABRHMTK1PXR5N60EKKA7
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:07 GMT
x-content-type-options
nosniff
server
Netlify
age
34039
cache-status
"Netlify Edge"; hit
etag
"4cac4ae5339cab5eb17bcef3fecd1e03-ssl"
x-frame-options
DENY
content-type
font/woff2
cache-control
max-age=31536000
accept-ranges
bytes
content-length
23768
get
capture-api.ap3prod.com/-/widgets/
37 KB
5 KB
XHR
General
Full URL
https://capture-api.ap3prod.com/-/widgets/get
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
18.116.207.239 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-18-116-207-239.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
fe56434106b3da7bf1d47cf4b6a7baf3e32fa0d7766c6053574a0362956d43d4
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-version
master-2409030309-5751-7b35ff3
date
Wed, 04 Sep 2024 10:47:08 GMT
content-encoding
gzip
strict-transport-security
max-age=63072000; includeSubDomains; preload
vary
Accept-Encoding, Accept-Encoding
allow
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
content-type
application/json
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-BWKR7WZKEF&gtm=45je4930v9102590473z8851848644za200zb851848644&_p=1725446826714&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1140648083.1725446828&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1725446828&sct=1&seg=0&dl=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&dt=Global%20Banking%20for%20Businesses%20%7C%20Loop&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=4665
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Sep 2024 10:47:08 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://app.bankonloop.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
px.ads.linkedin.com/wa/
0
199 B
XHR
General
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Accept
*
Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 04 Sep 2024 10:47:08 GMT
x-li-pop
afd-prod-ltx1-x
x-msedge-ref
Ref A: C4E437BD00954044B4B27F88DF57ABBA Ref B: YMQ01EDGE0616 Ref C: 2024-09-04T10:47:08Z
linkedin-action
1
vary
Origin
x-cache
CONFIG_NOCACHE
x-li-fabric
prod-ltx1
access-control-allow-origin
https://app.bankonloop.com
x-li-proto
http/2
access-control-allow-credentials
true
x-li-uuid
AAYhSOVJDdOZxp9kzDed/g==
0
bat.bing.com/action/
0
361 B
Image
General
Full URL
https://bat.bing.com/action/0?ti=343003777&Ver=2&mid=fcdd25d7-ae67-452f-bcb6-6241b4ec8489&sid=085c46006aab11efb1008f04e9a952f2&vid=085ce1f06aab11efa2d8d5ae4b7c5025&vids=1&msclkid=N&pi=918639831&lg=en-CA&sw=1600&sh=1200&sc=24&tl=Global%20Banking%20for%20Businesses%20%7C%20Loop&p=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&r=&lt=3464&evt=pageLoad&sv=1&cdb=AQAQ&rn=279431
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/apply/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:3::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
strict-transport-security
max-age=31536000; includeSubDomains; preload
date
Wed, 04 Sep 2024 10:47:07 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 005903060AC349B78A494C97754A415D Ref B: BL2AA2010204035 Ref C: 2024-09-04T10:47:08Z
x-cache
CONFIG_NOCACHE
access-control-allow-origin
*
cache-control
no-cache, must-revalidate
expires
Fri, 01 Jan 1990 00:00:00 GMT
css2
fonts.googleapis.com/
9 KB
1 KB
Stylesheet
General
Full URL
https://fonts.googleapis.com/css2?family=Cabin:ital,wght@0,400;0,500;0,600;0,700;1,400;1,500;1,600;1,700
Requested by
Host: cdn3l.ink
URL: https://cdn3l.ink/app.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:820::200a , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
e05ba7abcb880e1b32b4ca5c2ac719a74452536a3c252a7bfd97e2474f8a9d43
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Wed, 04 Sep 2024 10:47:08 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Wed, 04 Sep 2024 10:47:08 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Wed, 04 Sep 2024 10:47:08 GMT
custom-fonts.css
accounts-api.autopilotapp.com/-/settings/
3 KB
3 KB
Stylesheet
General
Full URL
https://accounts-api.autopilotapp.com/-/settings/custom-fonts.css?family=Neue+Haas+Grotesk+Display+Pro&k=bG9vcA
Requested by
Host: cdn3l.ink
URL: https://cdn3l.ink/app.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.15.111.6 Columbus, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-15-111-6.us-east-2.compute.amazonaws.com
Software
/
Resource Hash
0ace9d18ac610a9f0645342f356a7e0cdcbe058d291aab73f4475a5abcc34a48
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
x-version
master-2409040047-9586-5ab2379
date
Wed, 04 Sep 2024 10:47:08 GMT
strict-transport-security
max-age=63072000; includeSubDomains; preload
allow
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
text/css
favicon.ico
app.bankonloop.com/
15 KB
15 KB
Other
General
Full URL
https://app.bankonloop.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:1f18:16e:df00::64 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
Software
Netlify /
Resource Hash
3b82dbc2df2048e57f32273a19a55e411a38f8f59a178051419b0c98a1b55b56
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://app.bankonloop.com/apply/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-nf-request-id
01J6YAACKKWJNFEFDMQNJG5C79
content-security-policy
frame-ancestors 'self'
date
Wed, 04 Sep 2024 10:47:08 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
server
Netlify
age
68793
cache-status
"Netlify Edge"; hit
etag
"4e3e8632b63115221b4169d0a6d6869c-ssl"
x-frame-options
DENY
content-type
image/vnd.microsoft.icon
cache-control
max-age=31536000
accept-ranges
bytes
content-length
15406
collect
www.google-analytics.com/g/
0
0
Fetch
General
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-BWKR7WZKEF&gtm=45je4930v9102590473za200zb851848644&_p=1725446826714&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1140648083.1725446828&ul=en-ca&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&_s=2&sid=1725446828&sct=1&seg=0&dl=https%3A%2F%2Fapp.bankonloop.com%2Fapply%2F&dt=Global%20Banking%20for%20Businesses%20%7C%20Loop&en=scroll&epn.percent_scrolled=90&_et=58&tfd=9738
Requested by
Host: app.bankonloop.com
URL: https://app.bankonloop.com/static/js/2.d8fcbfb7.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://app.bankonloop.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 04 Sep 2024 10:47:13 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://app.bankonloop.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Verdicts & Comments Add Verdict or Comment

81 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 function| fbAsyncInit function| handleEmbeddedMessagingData function| initEmbeddedMessaging object| embeddedservice_bootstrap object| webpackJsonploop-frontend object| FB object| __buffer function| clearImmediate function| setImmediate object| regeneratorRuntime function| _ object| __AMPLITUDE__ object| cptable string| QUOTE object| __SENTRY__ function| fbq function| _fbq object| dataLayer object| google_tag_manager object| google_tag_data string| _linkedin_data_partner_id object| uetq object| ap3c object| s object| t function| lintrk boolean| _already_called_lintrk function| UET function| UET_init function| UET_push object| ueto_fc72e1b2ac number| TIMEOUT number| BASE_NEEDLE_ANGLE number| START_NEEDLE_MOVE_ANGLE number| END_NEEDLE_MOVE_ANGLE number| NEEDLE_ANGLE_INCREMENT number| DECIMAL_MULTIPLIER string| CLOSE_WIDGET_LINK string| PUSH_PERMISSION_LINK string| AP3_WIDGETS_PREFIX object| HIDDEN_FIELDS_REGEX number| AP3_MAX_Z_INDEX object| cookies object| frequencies object| preFillOptionIds object| visibilityOptionIds object| netPromoterScoreThanksVariants object| buttonOnClickIds function| isNotificationSupported function| isAndroidWebView function| isRunningWithinSDK object| validShopifyCartAddPaths object| validShopifyCartAddStatuses object| urlParamKeys object| platforms function| getUrlParams function| getFieldType function| getDefaultValue function| populateSelectOptions function| replacePlatformLinks function| isInViewport function| getTimeFromSeconds string| uA string| vendor function| jsonFromXhr function| sortObjectAndToString function| calcTrackKey function| getCookieDomain function| readCookie function| removeCookie function| convertLegacyCookies function| convertLegacyPageFilter function| isPageFilterValid function| isKnownSession object| widgetsAccepted function| getShopifyProductCurrentVariantId function| polyfillDateInput function| onYouTubeIframeAPIReady object| gaGlobal object| ORIBILI

15 Cookies

Domain/Path Name / Value
www.loopbank.ca/ Name: crumb
Value: BQa+WrMpoE92YzU1ZDZkMDc4MjVhOWZlOTY0ZGUzMDNkM2ZhODYy
.bankonloop.com/ Name: amp_141b12
Value: ffpbhFOmAFRjrh0Dalf9FT...1i6uaaa2u.1i6uaab20.1.0.1
.bankonloop.com/ Name: _gcl_au
Value: 1.1.1996604043.1725446827
.bankonloop.com/ Name: _fbp
Value: fb.1.1725446827238.78303559248386713
app.bankonloop.com/ Name: ap3pages
Value: 1
.linkedin.com/ Name: bcookie
Value: "v=2&30a69667-dec9-4f25-8cb6-6d079a55cd29"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MjU0NDY4Mjc7MjswMjFJe/ODa6hUQLT3/6bW9e4p0n++H2AE6ZLX1rMNR4Z5OA==
.linkedin.com/ Name: lidc
Value: "b=TGST02:s=T:r=T:a=T:p=T:g=3361:u=1:x=1:i=1725446827:t=1725533227:v=2:sig=AQHZ-GEaPx6ZG5FLwWAk5TUh0s6GC3OD"
app.bankonloop.com/ Name: ap3c
Value: IGbYOqsgRMQz860AAGbYOqtuQgngPXTDIgHTUkTKWFkTdcLOow
.bankonloop.com/ Name: _ga
Value: GA1.1.1140648083.1725446828
.bankonloop.com/ Name: _ga_BWKR7WZKEF
Value: GS1.1.1725446828.1.0.1725446828.0.0.0
.bankonloop.com/ Name: _uetsid
Value: 085c46006aab11efb1008f04e9a952f2
.bankonloop.com/ Name: _uetvid
Value: 085ce1f06aab11efa2d8d5ae4b7c5025
.bing.com/ Name: MUID
Value: 273F3BEFA7D76E892F672F1FA6436F76
.bat.bing.com/ Name: MR
Value: 0

2 Console Messages

Source Level URL
Text
recommendation verbose URL: https://app.bankonloop.com/apply/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
network error URL: https://o161107.ingest.sentry.io/api/5458552/envelope/?sentry_key=40a7f9a68f374629bafecb268ce64869&sentry_version=7
Message:
Failed to load resource: the server responded with a status of 429 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts-api.autopilotapp.com
api.amplitude.com
app.bankonloop.com
bat.bing.com
capture-api.ap3prod.com
cdn3l.ink
connect.facebook.net
fonts.googleapis.com
loopfi.my.salesforce-scrt.com
loopfi.my.site.com
o161107.ingest.sentry.io
p.typekit.net
px.ads.linkedin.com
px4.ads.linkedin.com
snap.licdn.com
use.typekit.net
www.facebook.com
www.google-analytics.com
www.googletagmanager.com
www.loopbank.ca
108.138.128.28
13.107.42.14
157.240.241.1
157.240.241.35
18.116.207.239
198.49.23.144
2600:1400:9000::6875:b621
2600:1400:9000::687e:7412
2600:141b:e800:5b::17ca:3d6f
2600:141b:e800:5b::17ca:3d7c
2600:1f18:16e:df00::64
2607:f8b0:4006:817::2008
2607:f8b0:4006:81e::200e
2607:f8b0:4006:820::200a
2620:1ec:21::14
2620:1ec:33:3::10
2a03:2880:f112:182:face:b00c:0:25de
3.96.78.12
34.120.195.249
52.15.111.6
52.34.216.193
0ace9d18ac610a9f0645342f356a7e0cdcbe058d291aab73f4475a5abcc34a48
0b297a034bec9bf037273b94d64bfb8c37dde779db3d1b3f5c41101ab4a68a01
0c820bcf9035dcc9b497da00a6a96118baf6e9ec9e3bd3631b168f3298eabc02
11d5a30b68ba8b19a61a19b1e712ae606d0da467e43b4f38c7a71159697d14b0
1c0ff118a4290c99f39c90abb38703a866e47251b23cca20266c69c812ccafeb
2aa142f63965a880e22328442493b4fdd370eb1cb439ef186ac6998faa006a35
2d36e12bfbde85feb98c8b66f8a4a40f9a5db6918f49234a2ddece526d933237
3b82dbc2df2048e57f32273a19a55e411a38f8f59a178051419b0c98a1b55b56
3bb1199d12ae09deeda4466322b863de030594a83fb2166ca26d241b1a9020c1
3fed24bc25b11746b65cfdef6a322bfa2f299e5ec9d31ec84ae764b47037bc5e
4407e3fe2510b0b1ff88597669d30ae50787e36665806438a00763ad4eaa545b
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
46a54c37fbefe36ddff9abfd91f027907b093eef8820afd1d810cdfe89da0e86
4718afa4dfee3eaa80f6de824ecce8daa7474ebb3993c81679a178269e338870
4e8276aea0a3c7fe3600e6718c7f484d49c347c8d5763d89be95900d526a14da
521f2c32a3843af885802d60a1d89a73caceb991b5a4a6d718b5e425025f152a
5d6e09e9dc412d7b0cf4a9d61faa9249742b2a113bd03ac237e7e8defbf88b34
6e35fd7ab2e65f78f2062fc9667e468e46af7cf91eb724ff438c3cab6bea0e2d
77842c6316e4eff571a79191bfcba0acd5c171254562f27bfb3e3d2f40be5da5
80754e81272c7d6b0767ec054040b9e69231465342bed1db326596c26b2f30d0
92c2683be6b442107242edb6de07ac4c349abdbee834ef7c46af6ec7d46c2eb8
985ad0e2e0bcf6d32b28e51655c4f7025377174a5a526122242df3fba91f458f
a2eb3b70b75c7dfbf7a38e7a7652296a6a377230ca336b726d65a4359938f3f2
a7806639142f9bb996c139f6954bba0423936d7ecc6af1748ab72025a475210b
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abd0c69608a1a4b0ce5f6056bc20bcf62a2a29271a4cf5e33fa1f53bf7cb19cb
aee408847d35e44e99430f0979c3357b85fe8dbb4535a494301198adbee85f27
aff5ba73419fed47f9c1daf8ebc000fc4bbe80758086ec9362578ebe003caa8f
b4b8d87527a6e4ddea9cd02549ed9ee647ea9e326fa4d74013b9b0e6f010f20c
bac10d17440dcd6f6c6c4e0bd7eca2e1a7eec030ef3b1143d4be3791dcf91263
c64cddc349202defdca8bcf51d8a905d5f8810cc76f08c1e6561800f1dd5708a
d573968b05b0ef1d68a8985639c2eb8d3d972c75e735df1d983d934d80b73fb4
d651575ebc0f22fe9312d469771e87ac2b63603ecdeb18e58a6eafd6cb1785fd
e05ba7abcb880e1b32b4ca5c2ac719a74452536a3c252a7bfd97e2474f8a9d43
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e41099be96a2549787088432fd1b903968f3537e17cc16e55d16ed145e289c9f
e7270ad32da859eb75d80bdb7283769457c855b07422aec0b6277f3f442869c1
e7fd85c781d12e829f65ef9241a4ea9d16c0c9142276a12845a6542cf04c4808
fa5d6b2f64cba07e5d1570699393f2db2a0f87aff38fd4900cba20fdb5cf37db
fddd2cb0a4f24a1bedba9ffbeccb96f0f98e9976ac05ee35f928ce7eb4bcf164
fe56434106b3da7bf1d47cf4b6a7baf3e32fa0d7766c6053574a0362956d43d4