urlscan.io logo urlscan.io
SecurityTrails logo

3mca.corpmerchandise.com Open in urlscan Pro
137.116.32.213  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://3mca.corpmerchandise.com/
Effective URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Submission: On September 05 via manual from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 8 IPs in 2 countries across 6 domains to perform 36 HTTP transactions. The main IP is 137.116.32.213, located in Boydton, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is 3mca.corpmerchandise.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on April 26th 2023. Valid for: a year.
This is the only time 3mca.corpmerchandise.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
2 13 137.116.32.213 8075 (MICROSOFT...)
3 2606:2800:133... 15133 (EDGECAST)
4 99.84.88.94 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
14 18.66.192.123 16509 (AMAZON-02)
1 99.84.88.80 16509 (AMAZON-02)
1 2606:4700:e4:... 13335 (CLOUDFLAR...)
1 34.199.91.47 14618 (AMAZON-AES)
36 8
13    137.116.32.213 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
3mca.corpmerchandise.com
3    2606:2800:133:206e:1315:22a5:2006:24fd (United States)

ASN15133 (EDGECAST, US)
spponeimages.azureedge.net
4    99.84.88.94 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-94.muc50.r.cloudfront.net
consent.trustarc.com
1    2a00:1450:4001:80b::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
14    18.66.192.123 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-192-123.muc50.r.cloudfront.net
consent-pref.trustarc.com
1    99.84.88.80 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-88-80.muc50.r.cloudfront.net
consent-st.trustarc.com
1    2606:4700:e4::ac40:a120 (United States)

ASN13335 (CLOUDFLARENET, US)
jsonip.com
1    34.199.91.47 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-34-199-91-47.compute-1.amazonaws.com
prefmgr-cookie.truste-svc.net
Apex Domain
Subdomains		 Transfer
19 trustarc.com
consent.trustarc.com — Cisco Umbrella Rank: 3124
consent-pref.trustarc.com — Cisco Umbrella Rank: 15463
consent-st.trustarc.com — Cisco Umbrella Rank: 40787
217 KB
13 corpmerchandise.com
3mca.corpmerchandise.com
584 KB
3 azureedge.net
spponeimages.azureedge.net — Cisco Umbrella Rank: 203607
62 KB
1 truste-svc.net
prefmgr-cookie.truste-svc.net — Cisco Umbrella Rank: 40945
2 KB
1 jsonip.com
jsonip.com — Cisco Umbrella Rank: 22144
642 B
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 41
1 KB
36 6
Domain Requested by
14 consent-pref.trustarc.com consent.trustarc.com
consent-pref.trustarc.com
prefmgr-cookie.truste-svc.net
13 3mca.corpmerchandise.com 2 redirects 3mca.corpmerchandise.com
4 consent.trustarc.com 3mca.corpmerchandise.com
consent.trustarc.com
3 spponeimages.azureedge.net 3mca.corpmerchandise.com
1 prefmgr-cookie.truste-svc.net 3mca.corpmerchandise.com
1 jsonip.com 3mca.corpmerchandise.com
1 consent-st.trustarc.com consent-pref.trustarc.com
1 fonts.googleapis.com 3mca.corpmerchandise.com
36 8

This site contains links to these domains. Also see Links.

Domain
www.staplespromo.ca
Subject Issuer Validity Valid
*.corpmerchandise.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-04-26 -
2024-05-26		 a year crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA		 2023-05-05 -
2024-04-28		 a year crt.sh
*.trustarc.com
Amazon RSA 2048 M02		 2023-04-17 -
2024-05-14		 a year crt.sh
upload.video.google.com
GTS CA 1C3		 2023-08-14 -
2023-11-06		 3 months crt.sh
jsonip.com
GTS CA 1P5		 2023-07-11 -
2023-10-09		 3 months crt.sh
*.truste-svc.net
Amazon RSA 2048 M01		 2023-04-23 -
2024-05-21		 a year crt.sh

This page contains 5 frames:

Primary Page: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Frame ID: 0634BB728C852E20E214293952C3CD27
Requests: 20 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Frame ID: 3F89A98A11F106BEBDE2E9C415B4F662
Requests: 13 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Frame ID: 8CA86A25D1D6ED6720E23F411BDCF24A
Requests: 1 HTTP requests in this frame

Frame: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.staplespromo.ca/privacy-policy?lang=en-ca&cookieLink=https://www.staplespromo.ca/privacy-policy?lang=en-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Frame ID: 891DD4FA0D5480873199F67EBD809984
Requests: 1 HTTP requests in this frame

Frame: https://consent-pref.trustarc.com/cookie_inneriframe.html
Frame ID: 802D161F9448F1DB1BFDA77964C87EA2
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

3M Canada Promo Store

Page URL History Show full URLs

  1. http://3mca.corpmerchandise.com/ HTTP 302
    https://3mca.corpmerchandise.com/ HTTP 302
    https://3mca.corpmerchandise.com/user/login?returnurl=%2F Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • consent\.trustarc\.com

Page Statistics

36
Requests

100 %
HTTPS

38 %
IPv6

6
Domains

8
Subdomains

8
IPs

2
Countries

865 kB
Transfer

2538 kB
Size

9
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://3mca.corpmerchandise.com/ HTTP 302
    https://3mca.corpmerchandise.com/ HTTP 302
    https://3mca.corpmerchandise.com/user/login?returnurl=%2F Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

36 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request login
3mca.corpmerchandise.com/user/
Redirect Chain
  • http://3mca.corpmerchandise.com/
  • https://3mca.corpmerchandise.com/
  • https://3mca.corpmerchandise.com/user/login?returnurl=%2F
44 KB
14 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e2e0ddc1f498cf150013c4c582d7a1185677370c41d068d6406bad38c91d0c7f
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Cache-Control
public, no-store, max-age=0
Content-Encoding
gzip
Content-Length
12631
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Content-Type
text/html; charset=utf-8
Date
Tue, 05 Sep 2023 19:39:42 GMT
Expires
Tue, 05 Sep 2023 19:39:42 GMT
Last-Modified
Tue, 05 Sep 2023 19:39:42 GMT
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000;includeSubDomains;redirectHttpToHttps
Vary
*
X-Content-Type-Options
nosniff
X-Frame-Options
DENY

Redirect headers

Cache-Control
private
Content-Length
142
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Content-Type
text/html; charset=utf-8
Date
Tue, 05 Sep 2023 19:39:42 GMT
Location
/user/login?returnurl=%2F
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options
nosniff
X-Frame-Options
DENY
jquery
3mca.corpmerchandise.com/bundles/ 		377 KB
146 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/bundles/jquery?v=brvkvpKIMlvf23HGfjv1mtiJfPpdjviXSAqVjDmBFnw1
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a725fbc9d0cd17aa95561463dc5eee3606bbe0ec692ec000af00a4b88756f7cd
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 05 Sep 2023 19:39:43 GMT
Date
Tue, 05 Sep 2023 19:39:42 GMT
Transfer-Encoding
chunked
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
X-Frame-Options
DENY
Cache-Control
public
Expires
Wed, 04 Sep 2024 19:39:43 GMT
bootstrap.min.css
3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/bootstrap/css/ 		118 KB
28 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/bootstrap/css/bootstrap.min.css
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ee3e2ee232f9b6c47c3f06a2cdea044196963b87ce4d91eb823a80aca27a3d08
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 29 Aug 2023 09:44:24 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
ETag
"1D9DA5D64ACCC00"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
public
Accept-Ranges
bytes
Content-Length
27389
Expires
Wed, 06 Sep 2023 19:39:43 GMT
site.css
3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/css/ 		216 KB
52 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/css/site.css
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ac90de21259a3e52123fdadb12ce94b2d4f693b8e0af65e8b6455de90bb9f044
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Thu, 24 Aug 2023 13:31:50 GMT
Date
Tue, 05 Sep 2023 19:39:42 GMT
ETag
"1D9D68F56426700"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/css
Cache-Control
public
Accept-Ranges
bytes
Content-Length
51804
Expires
Wed, 06 Sep 2023 19:39:43 GMT
bootstrap.min.js
3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/bootstrap/js/ 		37 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/bootstrap/js/bootstrap.min.js
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
11fb05cec237a37307acae14ef62372749501cd112a84049b36855876c62fd82
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 29 Aug 2023 09:44:24 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
ETag
"1D9DA5D64ACCC00"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
public
Accept-Ranges
bytes
Content-Length
13226
Expires
Wed, 06 Sep 2023 19:39:44 GMT
event.min.js
3mca.corpmerchandise.com/Views/Themes/RedPanda/Scripts/lib/ 		27 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Scripts/lib/event.min.js
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
8ede402fa7211fe1ed99b6ce8f631002a7ebcab6e24eed44367149beff6851fe
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 29 Aug 2023 09:44:24 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
ETag
"1D9DA5D64ACCC00"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
public
Accept-Ranges
bytes
Content-Length
9687
Expires
Wed, 06 Sep 2023 19:39:43 GMT
4382b61f-73d0-481f-98cc-88a17666571b3mLogo.svg
spponeimages.azureedge.net/prod/ 		15 KB
15 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://spponeimages.azureedge.net/prod/4382b61f-73d0-481f-98cc-88a17666571b3mLogo.svg?v=0
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
b0182c10ca5694444ceb639d3c744265447d3eba4814ebf4d3fe09ddbdf3049b

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 05 Sep 2023 19:39:43 GMT
last-modified
Fri, 09 Jun 2023 20:18:17 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
Vr1TkygDtU0uJxNuAcVq0g==
etag
0x8DB6926A93DD420
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
767a3d40-b01e-0002-5730-e040cb000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=3600
x-ms-version
2009-09-19
content-length
15173
expires
Tue, 05 Sep 2023 20:39:44 GMT
notice
consent.trustarc.com/ 		14 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/notice?domain=spp.com&c=teconsent&js=nj&noticeType=bb&text=true&irmc=irmlink&gtm=1&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
5575a85ff36b0cd5e2d4f58079e466ea31023282bf4549a24d5691fabbdcf4f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://3mca.corpmerchandise.com/
Origin
https://3mca.corpmerchandise.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
via
1.1 47225389ee58add3b9e790ead940cda4.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-C1
x-cache
Miss from cloudfront
cloudfront-viewer-country
DE
content-length
5243
x-xss-protection
1; mode=block
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
text/javascript;charset=UTF-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=3600
cloudfront-viewer-country-region
HE
timing-allow-origin
*
x-amz-cf-id
eYwHiiGebONMhzwFmAwxMte9YcBuO1uTyxtDDeVT9lC_leKYflRQ5Q==
expires
Tue, 05 Sep 2023 20:39:44 GMT
CoreJs
3mca.corpmerchandise.com/bundles/ 		211 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/bundles/CoreJs
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
5e8203bd167f7732e5a6bab4331288980c89c20c377c8823a345ade5114d1fb1
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 05 Sep 2023 19:39:43 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
Vary
User-Agent,Accept-Encoding
X-Frame-Options
DENY
Content-Type
text/javascript; charset=utf-8
Cache-Control
public
Content-Length
55311
Expires
Wed, 04 Sep 2024 19:39:43 GMT
ZnodeCoreJs
3mca.corpmerchandise.com/bundles/ 		328 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/bundles/ZnodeCoreJs
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
2ebf4cead7f76aae19f83d8bac0a285f2b33c11ad095d4a2d5a3499c59d15aac
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 05 Sep 2023 19:39:43 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
Transfer-Encoding
chunked
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
X-Frame-Options
DENY
Cache-Control
public
Expires
Wed, 04 Sep 2024 19:39:43 GMT
SPPCustomJs
3mca.corpmerchandise.com/bundles/ 		457 KB
139 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/bundles/SPPCustomJs
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
07e3924103e8387f368f861168b135498083a85d0822c74a872ac83e8966fd43
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 05 Sep 2023 19:39:44 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
Transfer-Encoding
chunked
Vary
User-Agent,Accept-Encoding
Content-Type
text/javascript; charset=utf-8
X-Frame-Options
DENY
Cache-Control
public
Expires
Wed, 04 Sep 2024 19:39:44 GMT
ZnodeLayout.js
3mca.corpmerchandise.com/Scripts/Core/Common/ 		1 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/Scripts/Core/Common/ZnodeLayout.js
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
991879720fe454242fb43bea5f1a0f4f9aac9da29780f169e1abec1bff3f43e0
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/user/login?returnurl=%2F
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Encoding
gzip
X-Content-Type-Options
nosniff
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Last-Modified
Tue, 29 Aug 2023 09:46:06 GMT
Date
Tue, 05 Sep 2023 19:39:43 GMT
ETag
"1D9DA5DA178C300"
Vary
Accept-Encoding
X-Frame-Options
DENY
Content-Type
application/javascript
Cache-Control
public
Accept-Ranges
bytes
Content-Length
597
Expires
Wed, 06 Sep 2023 19:39:44 GMT
css
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Open+Sans:300,400,600
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/css/site.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:80b::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
124f165a1243b48bd2ac21cebd8852c818c5deb7692fbfb5c80f5d5b72625da9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Tue, 05 Sep 2023 19:39:44 GMT
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
last-modified
Tue, 05 Sep 2023 18:22:26 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Tue, 05 Sep 2023 19:39:44 GMT
e99e5254-c775-4fbd-a9a6-c577032f6903New_Window.svg
spponeimages.azureedge.net/prod/ 		647 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://spponeimages.azureedge.net/prod/e99e5254-c775-4fbd-a9a6-c577032f6903New_Window.svg
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
4d57cc90030a08f379c6885967fb27597b21869291c8793e36079e7ebf22a986

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Tue, 05 Sep 2023 19:39:43 GMT
content-md5
ySPZMn+nZ+4iHDtHruhSHA==
content-length
647
x-ms-lease-status
unlocked
last-modified
Mon, 22 May 2023 15:26:00 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
etag
0x8DB5AD8D907AC0E
content-type
image/svg+xml
access-control-allow-origin
*
x-ms-request-id
8b763329-101e-0069-4430-e01d9d000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
max-age=3600
x-ms-version
2009-09-19
accept-ranges
bytes
expires
Tue, 05 Sep 2023 20:39:44 GMT
e8d10aa0-5091-4796-b010-7eb67f84b6fe3MCIRCULAR-BOOK.woff
spponeimages.azureedge.net/prod/ 		45 KB
46 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://spponeimages.azureedge.net/prod/e8d10aa0-5091-4796-b010-7eb67f84b6fe3MCIRCULAR-BOOK.woff?v=0
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:133:206e:1315:22a5:2006:24fd , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0 /
Resource Hash
41e9c63119dedec80e4f060370aaf26be4df359d41cd0e7c1933c91b6c731598

Request headers

Referer
https://3mca.corpmerchandise.com/
Origin
https://3mca.corpmerchandise.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

x-ms-lease-status
unlocked
x-ms-blob-type
BlockBlob
date
Tue, 05 Sep 2023 19:39:43 GMT
last-modified
Fri, 09 Jun 2023 14:49:26 GMT
server
Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0
content-md5
rD0aGRMrq/UWA9GCGjnNJg==
etag
0x8DB68F8B897B225
content-type
font/x-woff
access-control-allow-origin
*
x-ms-request-id
0081fd97-f01e-0005-7430-e0b64e000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
cache-control
max-age=3600
x-ms-version
2009-09-19
content-length
46516
expires
Tue, 05 Sep 2023 20:39:44 GMT
RedPanda.ttf
3mca.corpmerchandise.com/Views/Themes/RedPanda/Fonts/ 		21 KB
22 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Fonts/RedPanda.ttf?giwujd
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/css/site.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
137.116.32.213 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9770dfd37d3f1543c48f4dbf05a2acf627ea5e6f7ab1f9c95c28e99e179d634d
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Referer
https://3mca.corpmerchandise.com/Views/Themes/RedPanda/Content/css/site.css
Origin
https://3mca.corpmerchandise.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload, max-age=31536000;includeSubDomains;redirectHttpToHttps
Content-Security-Policy
script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
X-Content-Type-Options
nosniff
Date
Tue, 05 Sep 2023 19:39:43 GMT
Last-Modified
Tue, 29 Aug 2023 09:44:24 GMT
ETag
"0ccac645ddad91:0"
X-Frame-Options
DENY
Content-Type
application/octet-stream
Cache-Control
public,max-age=25920000
Accept-Ranges
bytes
Content-Length
21596
v1.7-920
consent.trustarc.com/asset/notice.js/v/ 		88 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent.trustarc.com/asset/notice.js/v/v1.7-920
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/notice?domain=spp.com&c=teconsent&js=nj&noticeType=bb&text=true&irmc=irmlink&gtm=1&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
bcf08f0d5a328cf0aa73c9c03008827d91b8232e055e900aecf9701a8bef58d5
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://3mca.corpmerchandise.com/
Origin
https://3mca.corpmerchandise.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 18:44:19 GMT
content-encoding
gzip
via
1.1 47225389ee58add3b9e790ead940cda4.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-C1
age
3325
x-cache
Hit from cloudfront
pragma
public
last-modified
Thu, 10 Aug 2023 11:15:11 GMT
content-type
text/javascript
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
vSy7lDEvvR0szweOZlgu-8rCtRP1i9adznHUuF-8_Il7wiXBvrk1Fw==
expires
Thu, 05 Oct 2023 18:44:19 GMT
log
consent.trustarc.com/ 		43 B
431 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/log?domain=spp.com&country=de&state=&behavior=expressed&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW&c=7d35
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 19:39:44 GMT
via
1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-C1
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
_lHNIJBM8aECSQ6ChET7aW5oXk4rTZwjHTqur-CI6RpZRyv_FkyMkQ==
expires
Mon, 26 Jul 1997 05:00:00 GMT
/
consent-pref.trustarc.com/ Frame 3F89 		5 KB
3 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Requested by
Host: consent.trustarc.com
URL: https://consent.trustarc.com/asset/notice.js/v/v1.7-920
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
4f683ac6bb92b36a1e2a103464835ad2b373d95a26bf14fd9038723c437773ee
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://3mca.corpmerchandise.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 19:39:44 GMT
etag
W/"5071-1690889538000"
expect-ct
max-age=86400; enforce;
last-modified
Tue, 01 Aug 2023 11:32:18 GMT
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-amz-cf-id
qc4TQ4cc04TbcBYIUTDKudO2pLYnIABOar7iIVZ0Ms2s9P1FQDFfMw==
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-xss-protection
1
noticemsg
consent.trustarc.com/ 		43 B
429 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent.trustarc.com/noticemsg?action=consent&domain=spp.com&behavior=expressed&country=de&language=en&rand=0.3950730819505226&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.94 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-94.muc50.r.cloudfront.net
Software
/
Resource Hash
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
no-cache
date
Tue, 05 Sep 2023 19:39:44 GMT
via
1.1 a1e8102a85e1e5a1d6e04d628d5dc180.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-C1
vary
Origin
x-cache
Miss from cloudfront
content-type
image/gif
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-length
43
x-amz-cf-id
LNuH3lhjxGvXhLY-rKHkrWwTaE-hDX__J_gLtBfMw70AGYH7ZjfRTw==
expires
Mon, 26 Jul 1997 05:00:00 GMT
defaultpreferencemanager.nocache.js
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 3F89 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
4d872258b35aaf37b538f3b97ef48cb559a4ff68095aae2a6a40d25bdde8795e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:36 GMT
server
nginx
etag
W/"4867-1690889556000"
expect-ct
max-age=86400; enforce;
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
no-cache
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
QSzY7cmIL4YwnUMAApYGfy7D2SI7umWFJLhzBPaIh2szTvHrvD_kWA==
expires
Tue, 05 Sep 2023 19:39:43 GMT
get
consent-st.trustarc.com/ Frame 3F89 		20 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://consent-st.trustarc.com/get?name=combined_static_cm_minified.js
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.88.80 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-88-80.muc50.r.cloudfront.net
Software
/
Resource Hash
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

pragma
public
date
Fri, 01 Sep 2023 07:17:03 GMT
content-encoding
gzip
via
1.1 ac90d46be219b2aa8a23e6982405715c.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-C1
age
390161
vary
Origin
x-cache
Hit from cloudfront
content-type
text/javascript
cache-control
max-age=2592000
timing-allow-origin
*
x-amz-cf-id
dPiuF1EIQnsKj0yqlbDd3l0YmBikRUcu-2KFkqsSk_o0MlAMvc7ozg==
expires
Sun, 01 Oct 2023 07:17:03 GMT
loading.gif
consent-pref.trustarc.com/images/ Frame 3F89 		3 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent-pref.trustarc.com/images/loading.gif
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 19:18:25 GMT
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
age
1280
x-cache
Hit from cloudfront
content-length
2608
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:18 GMT
server
nginx
etag
W/"2608-1690889538000"
expect-ct
max-age=86400; enforce;
vary
Origin
content-type
image/gif
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges
bytes
x-amz-cf-id
KQgBayWMwr85u0TVRdemslmwvM2UJY1_KTNuaD0E_ZWIdJnfBbRDAA==
5A64273071286EB3ED13457842E3E57C.cache.html
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 8CA8 		139 KB
46 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/defaultpreferencemanager.nocache.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
104a66568bbf024ab81bdf7bb40133b0063d4188d521d1b1d21f93305386ae7c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
2280204
cache-control
max-age=315360000
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Thu, 10 Aug 2023 10:16:20 GMT
etag
W/"142502-1690889556000"
expect-ct
max-age=86400; enforce;
expires
Thu, 31 Dec 2037 23:55:55 GMT
last-modified
Tue, 01 Aug 2023 11:32:36 GMT
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-amz-cf-id
H_3WQMn2pTP5f-HqLd75SwZZ7WNr85yuO1ewa6HPq7F4xGp9TcMrqQ==
x-amz-cf-pop
MUC50-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 3F89 		969 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/truste
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
2bfe0bfebc6bf40e5f73c03389ba8285505bc2f45d739d1efd5ca830f940a51d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

X-GWT-Module-Base
https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation
5A64273071286EB3ED13457842E3E57C
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/x-gwt-rpc; charset=UTF-8

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
content-disposition
attachment
content-length
468
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
server
nginx
expect-ct
max-age=86400; enforce;
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
6cvYh1Fsxh7B1o0vp2d1Tn2xBeOfbXk1CE_yqBlqeTpYrxsgcRZHpg==
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 3F89 		48 B
622 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/truste
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
2be685a3cd3d5866dfee1c814a146b762c009283baffc56f0b396366b8f7e612
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

X-GWT-Module-Base
https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation
5A64273071286EB3ED13457842E3E57C
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/x-gwt-rpc; charset=UTF-8

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
content-disposition
attachment
content-length
48
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
server
nginx
expect-ct
max-age=86400; enforce;
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
mS8JXI4XVczt3_r3dJO9aBegEZl3_k4pMjW7Ikr16Ozq5WHmh6tnTQ==
EuPreferenceManager.css
consent-pref.trustarc.com/ Frame 3F89 		30 KB
7 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/EuPreferenceManager.css
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
7507cbea1fef1e42197e3cf74a0863a0a30a529ddc8f5e44e08659f1443b7fa6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 19:14:05 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
age
1655
x-cache
Hit from cloudfront
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:18 GMT
server
nginx
etag
W/"30605-1690889538000"
expect-ct
max-age=86400; enforce;
vary
Accept-Encoding, Origin
content-type
text/css
cache-control
no-cache
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
hr_OHvA0ldKN4Nz_TVdDzMqYulN8kO7isNuAqDmtFzuc4R9isM5ysg==
expires
Tue, 05 Sep 2023 19:12:08 GMT
11.cache.js
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/5A64273071286EB3ED13457842E3E57C/ Frame 3F89 		266 KB
91 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/5A64273071286EB3ED13457842E3E57C/11.cache.js
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
788689fe28103da3802755e3d7b274640b81a179378555e15c022e04ecf497bc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 10:16:30 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
age
2280194
x-cache
Hit from cloudfront
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:36 GMT
server
nginx
etag
W/"272652-1690889556000"
expect-ct
max-age=86400; enforce;
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
DlGDk2D4L_dZZQ_qV2DmVK2-67eAexSYgozWhzpr5H_TGJ21jtKTJw==
expires
Thu, 31 Dec 2037 23:55:55 GMT
1.cache.js
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/5A64273071286EB3ED13457842E3E57C/ Frame 3F89 		20 KB
8 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/5A64273071286EB3ED13457842E3E57C/1.cache.js
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
fd2c6a68a3a377e59928d216fd86b6c44dd9169a169c5b028b10d966592eae21
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 10:17:10 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
age
2280154
x-cache
Hit from cloudfront
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:36 GMT
server
nginx
etag
W/"20276-1690889556000"
expect-ct
max-age=86400; enforce;
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
CY2H3iudf1VWEkxti5q4mozapba3L72uMJ2y6w-4W2ZzbMZFrzTFyA==
expires
Thu, 31 Dec 2037 23:55:55 GMT
/
jsonip.com/ 		166 B
642 B 		Script
General
Check archive.org
Download Go to
Full URL
https://jsonip.com/?callback=jQuery3510213409508408408_1693942783683&_=1693942783684
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/bundles/jquery?v=brvkvpKIMlvf23HGfjv1mtiJfPpdjviXSAqVjDmBFnw1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:e4::ac40:a120 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
23dab0915b68b871820b83226b1a8fa32db290e4f5bccd01e5011e628fe5e99e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000;

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://3mca.corpmerchandise.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
strict-transport-security
max-age=31536000;
content-encoding
gzip
cf-cache-status
DYNAMIC
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
server
cloudflare
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=%2FmuwjywnFzMoTo%2BKUTA9xGgzNk69hwDfvZszalGEyKqe2psccdsa6ZkDfXI6%2FZ54B%2F7clYnjoyDWXk1V53eCN6vMA3y%2BQb2le33YeQqlGPyKayozUF6kMUwEHCNSch%2BUrHbvt21irOCh"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET
access-control-allow-origin
*
content-type
application/json; charset=utf-8
cf-ray
8020f0a43be71961-FRA
alt-svc
h3=":443"; ma=86400
cookie_iframe.html
prefmgr-cookie.truste-svc.net/cookie_js/ Frame 891D 		5 KB
2 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.staplespromo.ca/privacy-policy?lang=en-ca&cookieLink=https://www.staplespromo.ca/privacy-policy?lang=en-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Requested by
Host: 3mca.corpmerchandise.com
URL: https://3mca.corpmerchandise.com/user/login?returnurl=%2F
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
34.199.91.47 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-34-199-91-47.compute-1.amazonaws.com
Software
nginx /
Resource Hash
e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Referer
https://consent-pref.trustarc.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-eval' *; font-src 'self' *; style-src 'self' 'unsafe-inline' *; img-src 'self' * data: https://cdn1.iconfinder.com https://js.userflow.com; frame-src 'self' *; frame-ancestors 'self' *; connect-src 'self' *; script-src 'self' 'unsafe-inline' 'unsafe-eval' *; object-src 'self' *; media-src 'self' *; child-src 'self' *; worker-src 'self' *; manifest-src 'self' *;
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
unsafe-none
cross-origin-opener-policy
unsafe-none
cross-origin-resource-policy
cross-origin
date
Tue, 05 Sep 2023 19:39:44 GMT
etag
W/"5014-1657163800000"
expect-ct
max-age=31536000
last-modified
Thu, 07 Jul 2022 03:16:40 GMT
permissions-policy
geolocation=(), microphone=(), payment=()
referrer-policy
origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 3F89 		717 B
916 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/truste
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
5bc0bf6d720062aaa0b7ce63ffa07c4b8d70052dd81675b12ac0e07a4cb06574
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

X-GWT-Module-Base
https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation
5A64273071286EB3ED13457842E3E57C
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/x-gwt-rpc; charset=UTF-8

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
content-disposition
attachment
content-length
324
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
server
nginx
expect-ct
max-age=86400; enforce;
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
zmu8Nf5nXRV3O60I2GEDrnGs4md9-MdnH6jXSFHSTYD_K0p7696_OQ==
truste
consent-pref.trustarc.com/defaultpreferencemanager/ Frame 3F89 		24 KB
7 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/truste
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
0c2862c75cc917edde4a1b96149ca50b3b33f0e4922a931c408544515a5d53f3
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

X-GWT-Module-Base
https://consent-pref.trustarc.com/defaultpreferencemanager/
X-GWT-Permutation
5A64273071286EB3ED13457842E3E57C
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
Content-Type
text/x-gwt-rpc; charset=UTF-8

Response headers

date
Tue, 05 Sep 2023 19:39:44 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
strict-transport-security
max-age=31536000; includeSubDomains
x-content-type-options
nosniff
x-amz-cf-pop
MUC50-P1
x-cache
Miss from cloudfront
content-disposition
attachment
content-length
6234
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
server
nginx
expect-ct
max-age=86400; enforce;
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
w_W8Qbgj-IjeOP69rAo1yRqQwTe-I1HC2qgYuLMCMH_ksUIegD--NQ==
trustarc-logo-small.png
consent-pref.trustarc.com/images/ Frame 3F89 		4 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://consent-pref.trustarc.com/images/trustarc-logo-small.png
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Tue, 05 Sep 2023 19:19:38 GMT
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
age
1207
x-cache
Hit from cloudfront
content-length
4197
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:18 GMT
server
nginx
etag
W/"4197-1690889538000"
expect-ct
max-age=86400; enforce;
vary
Origin
content-type
image/png
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
accept-ranges
bytes
x-amz-cf-id
CgXjsBOkwd80NfTkQScfq3iFYNB_Aucj1_8_yV5VvwDBxGYswRO2vQ==
6.cache.js
consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/5A64273071286EB3ED13457842E3E57C/ Frame 3F89 		7 KB
4 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/defaultpreferencemanager/deferredjs/5A64273071286EB3ED13457842E3E57C/6.cache.js
Requested by
Host: consent-pref.trustarc.com
URL: https://consent-pref.trustarc.com/defaultpreferencemanager/5A64273071286EB3ED13457842E3E57C.cache.html
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
7c6a8aab45469dc12fe25612a2cafabd56c9ec8f7801b99f3bb3804f57b32003
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&cookieLink=https%3A%2F%2Fwww.staplespromo.ca%2Fprivacy-policy%3Flang%3Den-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36

Response headers

date
Thu, 10 Aug 2023 10:17:02 GMT
content-encoding
gzip
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
x-amz-cf-pop
MUC50-P1
age
2280163
x-cache
Hit from cloudfront
x-xss-protection
1
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 01 Aug 2023 11:32:36 GMT
server
nginx
etag
W/"7465-1690889556000"
expect-ct
max-age=86400; enforce;
vary
Accept-Encoding, Origin
content-type
application/javascript; charset=UTF-8
cache-control
max-age=315360000
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
x-amz-cf-id
ivW8Tc5fC5a4G4w5qnpTjIRxNSPfhgJWnfCCaNwLNUzdpFmajwn_Vg==
expires
Thu, 31 Dec 2037 23:55:55 GMT
cookie_inneriframe.html
consent-pref.trustarc.com/ Frame 802D 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://consent-pref.trustarc.com/cookie_inneriframe.html
Requested by
Host: prefmgr-cookie.truste-svc.net
URL: https://prefmgr-cookie.truste-svc.net/cookie_js/cookie_iframe.html?parent=https://consent-pref.trustarc.com/?type=spp_eu&site=spp.com&action=notice&country=de&locale=en&behavior=expressed&gtm=1&layout=default_eu&privacypolicylink=https://www.staplespromo.ca/privacy-policy?lang=en-ca&cookieLink=https://www.staplespromo.ca/privacy-policy?lang=en-ca&behaviorManager=eu&irm=false&from=https://consent.trustarc.com/&session=6166c9e8-7a01-40d7-a22e-8844248b22fc&userType=NEW
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.192.123 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-192-123.muc50.r.cloudfront.net
Software
nginx /
Resource Hash
a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1

Request headers

Referer
https://prefmgr-cookie.truste-svc.net/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/116.0.5845.140 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

age
1138
content-encoding
gzip
content-type
text/html; charset=UTF-8
date
Tue, 05 Sep 2023 19:20:49 GMT
etag
W/"2008-1690889538000"
expect-ct
max-age=86400; enforce;
last-modified
Tue, 01 Aug 2023 11:32:18 GMT
permissions-policy
midi=(),accelerometer=(),autoplay=(),gyroscope=(),microphone=(),camera=(),fullscreen=(),magnetometer=(),payment=()
referrer-policy
strict-origin-when-cross-origin
server
nginx
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding Origin
via
1.1 551f2461af0b3bf4faaad831ee6e5b1e.cloudfront.net (CloudFront)
x-amz-cf-id
qOAlOaDjS7bpzU_zxWRARrSCsjb0zfqJ_OgEhQuxkANycMEKdiLM7Q==
x-amz-cf-pop
MUC50-P1
x-cache
Hit from cloudfront
x-content-type-options
nosniff
x-xss-protection
1

Verdicts & Comments Add Verdict or Comment

157 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| documentPictureInPicture function| $ function| jQuery function| purl function| reloadPage object| global object| Constant object| ErrorMsg boolean| isFadeOut number| fadeOutTime object| CheckBoxCollection undefined| UpdateContainerId function| ZnodeBase function| __extends function| Endpoint function| CommonHelper function| SanitizeForXss undefined| _gridContainerName undefined| deleteActionlink boolean| isSelectCalender object| selectedImages function| DynamicGrid function| CustomJurl undefined| PageCount undefined| PageIndex undefined| PageSize undefined| RecordPerPageFieldName undefined| PageFieldName undefined| Sort undefined| SortDir undefined| SortFieldName undefined| SortDirFieldName function| GridPager function| AddNewRowManage function| isNumberKey function| DgUpdateString function| DgCallAjax function| DgUpdateSuccess function| DgUpdateAllSuccess function| DgDeleteRow number| rowCount object| EditableGridEvent object| EditableGrid function| jurl undefined| controlContext function| MultiSelectDDL function| EditableText object| _znodeAjaxifyOnLoadAllSubscriptions object| _znodeAjaxifyDirectives object| _znodeAjaxifyDirectivesArray object| _znodeAjaxifyOnLoadSubscriptions function| ZnodeAjaxify function| _ZnodeAjaxifyEventModel function| _ZnodeAjaxifiedDirective function| _ZnodeAjaxifiedDirectives function| en function| de function| fr function| ja object| ListConstants function| autocompletewrapper function| onselected function| executeFunctionByName undefined| isFromCategoryPage boolean| isAddToCartGroupProduct boolean| isProductInitCalled function| Product function| QuickOrderPad function| Category function| QuickOrder function| Search number| totalPages function| ZSearch function| Cart function| User function| ZnodeNotification function| Brand function| Checkout function| CaseRequest undefined| ScannerObject function| Home object| Config object| CategoriesArray function| SiteMap function| StoreLocator function| Import undefined| selectedTab string| emailLabelTextGlobal function| FormBuilder function| BlogNews function| CMPCookie function| VoiceRecognitionModel object| input object| node object| objVoiceRec function| VoiceRecognition function| ChromeVoiceRecognition function| BarcodeReader function| GoogleAnalytics function| Bloodhound function| _truste_eumap object| truste string| userType object| $temp_box_overlay function| _truste_eu object| PREF_MGR_API_DEBUG object| PrivacyManagerAPI object| TRUSTE_CMAPI_DEBUG object| clipartArray function| CustomBrand undefined| timer string| dataCaptureHtmlElement string| dataCapturePaymentOptionId function| StaplesPayTransactionData function| CustomCheckout object| cookieHandler function| CustomCart undefined| selectedClipart object| selectedDecoCliparts object| dict function| InitbLazy object| CustomConstant function| CustomDelegateApproval function| CustomEndpoint function| ArtifiAPI function| __assign undefined| cartSelectedCliparts object| persistedText number| persistedTextDecoLocation object| persistedMonogramQuantity number| persistedMonogramIndex object| persistedMonogramForm undefined| monogramForm boolean| IsValidate object| fuzzyObj object| fuzzyArray object| uploadedImageClipArts object| cartItemUploadedImagesJson object| dummyLogoDecoJson object| SelectedElements object| ClipArtViewModelList object| uploadPopulateLogodecorationLocationCliparts function| ArtifiModel function| CustomProduct function| CustomGlobalAttribute function| CustomUser function| DataCapture function| dateFormat string| artifiImageIntegrationUrl string| artifiIntegrationUrl object| omsSavedCartLineItemIds object| ko function| Blazy object| fuzzysort function| ZnodeLayout object| bLazy

9 Cookies

Domain/Path Name / Value
3mca.corpmerchandise.com/ Name: _WebStoreculture_M21jYS5jb3JwbWVyY2hhbmRpc2UuY29t
Value: 1
3mca.corpmerchandise.com/ Name: portal_M21jYS5jb3JwbWVyY2hhbmRpc2UuY29t
Value: 1182
3mca.corpmerchandise.com/ Name: publishstate_M21jYS5jb3JwbWVyY2hhbmRpc2UuY29t
Value: PRODUCTION
3mca.corpmerchandise.com/ Name: culture_M21jYS5jb3JwbWVyY2hhbmRpc2UuY29t
Value: en-US
3mca.corpmerchandise.com/ Name: __RequestVerificationToken
Value: q84-r8WnnBKJp0zcMITqNuDUpEIeYe6B-yEaQ1hs2N7SD07XY9rTXV5L61Fa1w7ZPAmqze434Vni7tfYoioU8L_jsP2SnTZLeMUPI5e2ANg1
.3mca.corpmerchandise.com/ Name: TAsessionID
Value: 6166c9e8-7a01-40d7-a22e-8844248b22fc|NEW
.3mca.corpmerchandise.com/ Name: notice_behavior
Value: expressed,eu
prefmgr-cookie.truste-svc.net/ Name: cookie_3rdparty
Value: enabled
consent-pref.trustarc.com/ Name: token_test
Value: Tue Sep 05 2023 21:39:45 GMT+0200 (Central European Summer Time)

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src 'self' 'unsafe-inline' 'unsafe-eval' https://jsonip.com *.artifi.net *.jquery.com *.trustarc.com *.corpmerchandise.com *.googletagmanager.com *.marketo.com *.google-analytics.com *.zmags.com *.issuu.com *.marketo.net *.googleadservices.com connect.facebook.net cdnjs.cloudflare.com *.staples.com googleads.g.doubleclick.net polyfill.io *.staplespromo.com *.staples-static.com *.inside-graph.com *.newrelic.com *.nr-data.net countdown.omegawatches.com https://*.kaptcha.com *.cloudfront.net *.retentionscience.com *.lightboxcdn.com lightboxapi.azurewebsites.net *.boldchat.com *.licdn.com *.linkedin.com *.btttag.com *.attentivemobile.com *.attn.tv *.contentsquare.net *.contentsquare.com *.bing.com *.dynamicyield.com *.azureedge.net;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload max-age=31536000;includeSubDomains;redirectHttpToHttps
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

3mca.corpmerchandise.com
consent-pref.trustarc.com
consent-st.trustarc.com
consent.trustarc.com
fonts.googleapis.com
jsonip.com
prefmgr-cookie.truste-svc.net
spponeimages.azureedge.net
137.116.32.213
18.66.192.123
2606:2800:133:206e:1315:22a5:2006:24fd
2606:4700:e4::ac40:a120
2a00:1450:4001:80b::200a
34.199.91.47
99.84.88.80
99.84.88.94
07e3924103e8387f368f861168b135498083a85d0822c74a872ac83e8966fd43
0c2862c75cc917edde4a1b96149ca50b3b33f0e4922a931c408544515a5d53f3
104a66568bbf024ab81bdf7bb40133b0063d4188d521d1b1d21f93305386ae7c
11fb05cec237a37307acae14ef62372749501cd112a84049b36855876c62fd82
124f165a1243b48bd2ac21cebd8852c818c5deb7692fbfb5c80f5d5b72625da9
23dab0915b68b871820b83226b1a8fa32db290e4f5bccd01e5011e628fe5e99e
2be685a3cd3d5866dfee1c814a146b762c009283baffc56f0b396366b8f7e612
2bfe0bfebc6bf40e5f73c03389ba8285505bc2f45d739d1efd5ca830f940a51d
2ebf4cead7f76aae19f83d8bac0a285f2b33c11ad095d4a2d5a3499c59d15aac
41e9c63119dedec80e4f060370aaf26be4df359d41cd0e7c1933c91b6c731598
4d57cc90030a08f379c6885967fb27597b21869291c8793e36079e7ebf22a986
4d872258b35aaf37b538f3b97ef48cb559a4ff68095aae2a6a40d25bdde8795e
4f683ac6bb92b36a1e2a103464835ad2b373d95a26bf14fd9038723c437773ee
5575a85ff36b0cd5e2d4f58079e466ea31023282bf4549a24d5691fabbdcf4f9
5bc0bf6d720062aaa0b7ce63ffa07c4b8d70052dd81675b12ac0e07a4cb06574
5e8203bd167f7732e5a6bab4331288980c89c20c377c8823a345ade5114d1fb1
7507cbea1fef1e42197e3cf74a0863a0a30a529ddc8f5e44e08659f1443b7fa6
788689fe28103da3802755e3d7b274640b81a179378555e15c022e04ecf497bc
7c6a8aab45469dc12fe25612a2cafabd56c9ec8f7801b99f3bb3804f57b32003
8ede402fa7211fe1ed99b6ce8f631002a7ebcab6e24eed44367149beff6851fe
91c4a6c4295f8889e8b04339a4a2c2e86d5eef71ba808164e641d0d8a6435004
9770dfd37d3f1543c48f4dbf05a2acf627ea5e6f7ab1f9c95c28e99e179d634d
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
991879720fe454242fb43bea5f1a0f4f9aac9da29780f169e1abec1bff3f43e0
a2de091c86c5a7b6dcc572eb6e5a76c2cd72ce27a2042a8dc2974f15b33566ed
a725fbc9d0cd17aa95561463dc5eee3606bbe0ec692ec000af00a4b88756f7cd
ac90de21259a3e52123fdadb12ce94b2d4f693b8e0af65e8b6455de90bb9f044
b0182c10ca5694444ceb639d3c744265447d3eba4814ebf4d3fe09ddbdf3049b
bcf08f0d5a328cf0aa73c9c03008827d91b8232e055e900aecf9701a8bef58d5
e2e0ddc1f498cf150013c4c582d7a1185677370c41d068d6406bad38c91d0c7f
e5356c4d200584b116d9ac14f89d883b120dbe4d7878914a4fa22358074c74f8
eb7cfd3d959b2e09c170f532e29f8b825f9bc770b2279fde58e595617753e244
ee3e2ee232f9b6c47c3f06a2cdea044196963b87ce4d91eb823a80aca27a3d08
f1ba71d3bf034aeceecb8895e71a44f4806dbb5bcc44e46fd8fc461a774eb880
fd2c6a68a3a377e59928d216fd86b6c44dd9169a169c5b028b10d966592eae21