urlscan.io logo urlscan.io
SecurityTrails logo

login.iconsavingsplan.com Open in urlscan Pro
2606:4700::6810:b8f8  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://my.iconsavingsplan.com/login
Effective URL: https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24y...
Submission: On November 01 via api from IE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 13 IPs in 1 countries across 11 domains to perform 39 HTTP transactions. The main IP is 2606:4700::6810:b8f8, located in United States and belongs to CLOUDFLARENET, US. The main domain is login.iconsavingsplan.com.
TLS certificate: Issued by Cloudflare Inc ECC CA-3 on December 31st 2021. Valid for: a year.
This is the only time login.iconsavingsplan.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
7 52.38.21.97 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 65.9.66.20 16509 (AMAZON-02)
4 34.120.195.249 396982 (GOOGLE-CL...)
6 99.86.8.175 16509 (AMAZON-02)
1 1 108.138.17.127 16509 (AMAZON-02)
7 99.86.4.109 16509 (AMAZON-02)
1 44.240.39.179 16509 (AMAZON-02)
3 54.175.168.65 14618 (AMAZON-AES)
1 151.101.128.176 54113 (FASTLY)
1 5 2606:4700::68... 13335 (CLOUDFLAR...)
1 13.32.105.49 16509 (AMAZON-02)
1 52.92.160.34 16509 (AMAZON-02)
39 13
7    52.38.21.97 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-38-21-97.us-west-2.compute.amazonaws.com
my.iconsavingsplan.com
1    2606:4700::6812:bcf (United States)

ASN13335 (CLOUDFLARENET, US)
maxcdn.bootstrapcdn.com
2    65.9.66.20 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-65-9-66-20.fra56.r.cloudfront.net
cdn.plaid.com
4    34.120.195.249 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 249.195.120.34.bc.googleusercontent.com
o314901.ingest.sentry.io
6    99.86.8.175 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-8-175.fra6.r.cloudfront.net
cdn.segment.com
1    108.138.17.127 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-17-127.fra56.r.cloudfront.net
widget.intercom.io
7    99.86.4.109 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-86-4-109.fra6.r.cloudfront.net
js.intercomcdn.com
1    44.240.39.179 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-44-240-39-179.us-west-2.compute.amazonaws.com
api.segment.io
3    54.175.168.65 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-54-175-168-65.compute-1.amazonaws.com
api-iam.intercom.io
1    151.101.128.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
5    2606:4700::6810:b8f8 (United States)

ASN13335 (CLOUDFLARENET, US)
login.iconsavingsplan.com
1    13.32.105.49 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-32-105-49.fra60.r.cloudfront.net
cdn.auth0.com
1    52.92.160.34 (Boardman, United States)

ASN16509 (AMAZON-02, US)
iconsavingsplan-public.s3.us-west-2.amazonaws.com
Apex Domain
Subdomains		 Transfer
12 iconsavingsplan.com
my.iconsavingsplan.com
login.iconsavingsplan.com
6 MB
7 intercomcdn.com
js.intercomcdn.com — Cisco Umbrella Rank: 4898
503 KB
6 segment.com
cdn.segment.com — Cisco Umbrella Rank: 2290
57 KB
4 intercom.io
widget.intercom.io — Cisco Umbrella Rank: 5727
api-iam.intercom.io — Cisco Umbrella Rank: 4913
5 KB
4 sentry.io
o314901.ingest.sentry.io
366 B
2 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 28496
77 KB
1 amazonaws.com
iconsavingsplan-public.s3.us-west-2.amazonaws.com
2 KB
1 auth0.com
cdn.auth0.com — Cisco Umbrella Rank: 15287
226 KB
1 stripe.com
js.stripe.com — Cisco Umbrella Rank: 2552
94 KB
1 segment.io
api.segment.io — Cisco Umbrella Rank: 1247
179 B
1 bootstrapcdn.com
maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1165
24 KB
39 11
Domain Requested by
7 js.intercomcdn.com my.iconsavingsplan.com
widget.intercom.io
js.intercomcdn.com
7 my.iconsavingsplan.com my.iconsavingsplan.com
6 cdn.segment.com my.iconsavingsplan.com
cdn.segment.com
5 login.iconsavingsplan.com 1 redirects my.iconsavingsplan.com
cdn.auth0.com
4 o314901.ingest.sentry.io my.iconsavingsplan.com
3 api-iam.intercom.io js.intercomcdn.com
2 cdn.plaid.com my.iconsavingsplan.com
cdn.plaid.com
1 iconsavingsplan-public.s3.us-west-2.amazonaws.com login.iconsavingsplan.com
1 cdn.auth0.com login.iconsavingsplan.com
1 js.stripe.com my.iconsavingsplan.com
1 api.segment.io cdn.segment.com
1 widget.intercom.io 1 redirects
1 maxcdn.bootstrapcdn.com my.iconsavingsplan.com
39 13

This site contains no links.

Subject Issuer Validity Valid
my.iconsavingsplan.com
R3		 2022-09-07 -
2022-12-06		 3 months crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-01-29 -
2023-01-29		 a year crt.sh
secure.plaid.com
DigiCert SHA2 Extended Validation Server CA		 2022-03-08 -
2023-04-08		 a year crt.sh
*.ingest.sentry.io
R3		 2022-10-19 -
2023-01-17		 3 months crt.sh
*.segment.com
Amazon		 2022-01-12 -
2023-02-10		 a year crt.sh
*.segment.io
Amazon		 2022-02-10 -
2023-03-11		 a year crt.sh
*.intercomcdn.com
Amazon		 2022-01-30 -
2023-02-28		 a year crt.sh
*.intercom.com
Amazon		 2022-03-16 -
2023-04-14		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2022-10-19 -
2023-01-11		 3 months crt.sh
login.iconsavingsplan.com
Cloudflare Inc ECC CA-3		 2021-12-31 -
2022-12-31		 a year crt.sh
*.auth0.com
Amazon		 2022-03-26 -
2023-04-24		 a year crt.sh
*.s3-us-west-2.amazonaws.com
Amazon		 2022-09-21 -
2023-08-24		 a year crt.sh

This page contains 3 frames:

Primary Page: https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
Frame ID: BCE4EE9D3F66176028EE04AF550B56C4
Requests: 28 HTTP requests in this frame

Frame: https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7
Frame ID: D3A91389EAD6D75A43802F809AA542D1
Requests: 9 HTTP requests in this frame

Frame: https://login.iconsavingsplan.com/authorize?client_id=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=web_message&state=ZkxNT0M5T0ZpWEE2T1lManEtdFNuWjNkMDdkUFU5UDRPaURTQ09pV195Zw%3D%3D&nonce=cUFMfkZ4cTREaG51bUtkLlFDc0V4aWZVd3UwbTlwRjZMdEZVbExuZDNobg%3D%3D&code_challenge=38tItpHlkztE6ql8HahxsAnzzi6vOtLFnJkaN8Lsf4E&code_challenge_method=S256&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
Frame ID: 89E715D4AA65D71FCED7E0A8DE0C1E41
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Sign In to your Icon Account

Page URL History Show full URLs

  1. https://my.iconsavingsplan.com/login Page URL
  2. https://login.iconsavingsplan.com/authorize?client_id=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&audience=https%3A%2F%2F... HTTP 302
    https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3Rp... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • /lock/([\d.]+)/lock(?:.min)?\.js
Overall confidence: 100%
Detected patterns
  • cdn\.segment\.com/analytics\.js

Page Statistics

39
Requests

95 %
HTTPS

15 %
IPv6

11
Domains

13
Subdomains

13
IPs

1
Countries

6699 kB
Transfer

9324 kB
Size

8
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://my.iconsavingsplan.com/login Page URL
  2. https://login.iconsavingsplan.com/authorize?client_id=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&state=Y0NNYm5fYlp%2BZnBIU3VRc2VVWGFwcFBsUENydUhkcHhpdmNVT01mY1RiZQ%3D%3D&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9 HTTP 302
    https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9 Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 13
  • https://widget.intercom.io/widget/jhrlzhsl HTTP 302
  • https://js.intercomcdn.com/shim.latest.js

39 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
login
my.iconsavingsplan.com/ 		3 KB
7 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
453f401874219c551ef7792d0141bd8147fb0d731970a706607c0b64ec695bc9
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-b843b62f-3075-473e-8e7a-6a84dff3cc69';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

Content-Length
3496
Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-b843b62f-3075-473e-8e7a-6a84dff3cc69';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Content-Type
text/html; charset=utf-8
Cross-Origin-Opener-Policy
same-origin
Cross-Origin-Resource-Policy
same-origin
Date
Tue, 01 Nov 2022 17:02:06 GMT
Etag
W/"da8-Xkrt+dnBS64/17uXkZat0l/CBtE"
Expect-Ct
max-age=0
Origin-Agent-Cluster
?1
Referrer-Policy
no-referrer
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Content-Type-Options
nosniff
X-Dns-Prefetch-Control
off
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
X-Xss-Protection
0
bootstrap.min.css
maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/ 		152 KB
24 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://maxcdn.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:bcf , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
Origin
https://my.iconsavingsplan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 17:02:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
MISS
content-encoding
br
cdn-edgestorageid
752
cdn-cachedat
08/15/2022 13:52:49
cdn-pullzone
252412
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
last-modified
Mon, 25 Jan 2021 22:04:08 GMT
cdn-proxyver
1.02
cdn-requestpullcode
200
server
cloudflare
etag
W/"a15c2ac3234aa8f6064ef9c1f7383c37"
vary
Accept-Encoding
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cdn-cache
HIT
cdn-uid
b1941f61-b576-4f40-80de-5677acb38f74
cache-control
public, max-age=31919000
cdn-requestid
494e3f02af63f25e5156f57509b4ef6c
timing-allow-origin
*
cdn-requestcountrycode
DE
cdn-status
200
cf-ray
7636323e9deb90a6-FRA
cdn-requestpullsuccess
True
env.js
my.iconsavingsplan.com/ 		973 B
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.iconsavingsplan.com/env.js
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
8662518f3cf388e224af966c9ac7fbdeea800362352e7cd7ae1d5200155d7e4f
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-c90897fa-2ac8-4d17-8e8b-042be9a79673';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-c90897fa-2ac8-4d17-8e8b-042be9a79673';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Date
Tue, 01 Nov 2022 17:02:07 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Content-Length
973
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Tue, 01 Nov 2022 04:47:56 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"3cd-18431847c0d"
Expect-Ct
max-age=0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=UTF-8
Origin-Agent-Cluster
?1
Cache-Control
public, max-age=0
Accept-Ranges
bytes
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		97 KB
34 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0d0d5e369941b4582bfce6bf16dd4e0061043af62930abdf47ddd14e25239d1d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 21:31:32 GMT
x-amz-version-id
itUdXQLr6IaoAK5NEpRreegIM_s1SIgd
content-encoding
gzip
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-request-id
JEEFQK3FQ104XD2Z
x-amz-cf-pop
FRA56-C1
x-amz-server-side-encryption
AES256
age
70236
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
JVCIcSUZML1eEhUYs34NwOwaAHIRJfMgek4TVXV82qcgr3Km6W/ejI6aIRHzk2zkEmbE4lIloXQ=
last-modified
Mon, 31 Oct 2022 20:08:25 GMT
server
AmazonS3
etag
W/"f0562bb333edc4e9c873a14036aad632"
vary
Accept-Encoding
content-type
application/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
Drh0-0CIJ3OG_p2tEYb3fToBdgbGt8c9gN-_n7ouKd__ovj59t9iAQ==
bundle.js
my.iconsavingsplan.com/ 		5 MB
5 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.iconsavingsplan.com/bundle.js
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
1d1b0575a42017137b73769b9faaa8bc4e15ae367fba7d3846933bfe5f49cd44
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-9ca31c6d-611c-4729-9106-650096ea7d41';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-9ca31c6d-611c-4729-9106-650096ea7d41';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Date
Tue, 01 Nov 2022 17:02:07 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Content-Length
5657992
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Tue, 25 Oct 2022 19:22:45 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"565588-1841098df88"
Expect-Ct
max-age=0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
application/javascript; charset=UTF-8
Origin-Agent-Cluster
?1
Cache-Control
public, max-age=0
Accept-Ranges
bytes
/
o314901.ingest.sentry.io/api/5652732/security/ 		0
249 B 		Other
General
Check archive.org
Download Go to
Full URL
https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 01 Nov 2022 17:02:07 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
access-control-allow-origin
https://my.iconsavingsplan.com
access-control-expose-headers
retry-after, x-sentry-rate-limits, x-sentry-error
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
analytics.min.js
cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/ 		100 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
eaa043ec0724e95ae033169f32402f853b7f5e35969583bcc12ef367997ad805

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 17:02:08 GMT
x-amz-version-id
mmUvKRGp8lkqhW2EgBeMhSn2AoiEQFr6
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 19 Oct 2022 22:53:58 GMT
server
AmazonS3
etag
W/"7224d7418843ecdde5b8a71c57da9b4a"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
K0kXxhUcHkofXT-mm_78PvsLfop6Bo0wA91lLbXg-wLR-oMdDutReA==
link-dynamic-loader.js
cdn.plaid.com/link/2.0.1418/ 		0
43 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/2.0.1418/link-dynamic-loader.js
Requested by
Host: cdn.plaid.com
URL: https://cdn.plaid.com/link/v2/stable/link-initialize.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
65.9.66.20 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-65-9-66-20.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Mon, 31 Oct 2022 21:31:34 GMT
x-amz-version-id
DDBZI6wpmTXJ4HU.Ij8VhDkxVtoPVcU6
content-encoding
gzip
via
1.1 673c96d1f19de21216629aa48d90ac92.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-C1
age
70234
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 31 Oct 2022 20:08:25 GMT
server
AmazonS3
etag
W/"7868e559a334c4bce01ef1dd3bf652f6"
vary
Accept-Encoding
content-type
application/javascript
cache-control
max-age=10800
x-amz-cf-id
hSCH41A4FENKCJkIFZCY6LIb2RfmVj5dNeSwNPPWuc5zPeUBHNBd5g==
settings
cdn.segment.com/v1/projects/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/settings
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e71e6ab1ec4a7beaba512496b808900a9710d13a3b3fa0e8934b63df55aeac49

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 17:02:09 GMT
x-amz-version-id
Zy.Ran_yR0Xb43uaBoM0L8TN4LUCd67N
content-encoding
br
via
1.1 25c6baf0a31a5ef699c1e219b25ce7b8.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 08 Sep 2022 20:42:54 GMT
server
AmazonS3
etag
W/"29d08200e79e996f68491b2d13464aa1"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
N3lodzMYBUJe2CmZhYzPyZFOLO3Sl2zmaGKWC5tuomKAg5P9gV4oHw==
ajs-destination.bundle.69f445038fee7a77bb89.js
cdn.segment.com/analytics-next/bundles/ 		8 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.69f445038fee7a77bb89.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
a856c49200096e83ed1a3612d4b4fcb1961a1f66f1a5f78c19bb71e31b98d221

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Thu, 13 Oct 2022 18:56:55 GMT
x-amz-version-id
R9iis8zxPUzbYG2v9lARGoizVOYozofb
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
1634715
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 13 Oct 2022 18:09:00 GMT
server
AmazonS3
etag
W/"a92b4438941110932485ba4d769e9fcf"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
dov5lGSQ0Buedg35ngcolaVm_CFpjht4SDY9C_abVsp_93Nv8iKBGg==
schemaFilter.bundle.debb169c1abb431faaa6.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.debb169c1abb431faaa6.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Sat, 30 Jul 2022 15:59:56 GMT
x-amz-version-id
bdGJW00hoMEULfpND6wyp6DIUgkdrIDO
content-encoding
br
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1
age
8125334
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 28 Jul 2022 21:17:25 GMT
server
AmazonS3
etag
W/"3e448afdfea355c0f19700d04431ce7d"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
AaHFQhsWtM2zkdukLIRKktUApvoImPwE_24oulxoYmNCZ2ENsV2lug==
intercom.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/intercom/3.1.0/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/intercom/3.1.0/intercom.dynamic.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f17f078ea883fbe048f75ab5e7371c081cbd7d85ec5d91d443512d1ecd63dfb3

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Fri, 23 Sep 2022 21:54:08 GMT
content-encoding
gzip
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-version-id
JLPESHaBzhxRLRBBGBlN9SdszIvJm4AK
x-amz-cf-pop
FRA6-C1
age
3352082
x-cache
Hit from cloudfront
content-length
1878
last-modified
Mon, 19 Sep 2022 21:38:20 GMT
server
AmazonS3
etag
"d20b898e8b1fe44f03e532db7fe5cf4e"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
2tPlE7qwfJhH_OTBD-xJF7CqWjlYzDxN4yZyJlAI-xojSod3Gj8IOg==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.8.175 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-8-175.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Wed, 28 Sep 2022 07:40:28 GMT
content-encoding
gzip
via
1.1 9bca546700a965c9c77ef5b8dbe65cc4.cloudfront.net (CloudFront)
x-amz-version-id
Z.cz1sApkVz0CAwS1aXBsP5bZXvNz24o
x-amz-cf-pop
FRA6-C1
age
2971302
x-cache
Hit from cloudfront
content-length
22177
last-modified
Mon, 19 Sep 2022 21:38:18 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
oC4o5-FdxzJKLnYBLllTpJXDP8v_jsIfPBmGPwRVILxANIxhqKQgxA==
shim.latest.js
js.intercomcdn.com/
Redirect Chain
  • https://widget.intercom.io/widget/jhrlzhsl
  • https://js.intercomcdn.com/shim.latest.js
18 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/shim.latest.js
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H2
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
c22511d6a268e93656154c9c570108fe6d43f5f2a5d81aabdae1768fc254c3a0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 16:58:36 GMT
content-encoding
gzip
via
1.1 82e9051d8d41080bd3028731e0e8677e.cloudfront.net (CloudFront)
x-amz-version-id
JNyTMRTP9zBF8EtQHAHHlRZUY9j7haz1
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA6-C1
age
214
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
6170
last-modified
Tue, 01 Nov 2022 14:53:29 GMT
server
AmazonS3
etag
"90317ebb26173b39feb933a24d8fc53a"
content-type
application/javascript; charset=UTF-8
cache-control
max-age=300, s-maxage=300, public
accept-ranges
bytes
x-amz-cf-id
8wGRVykUr0AsK-EwENWXLiffMn5NWSQEwKA5z_7h_BuObV0VM2sO0Q==

Redirect headers

date
Sat, 28 May 2022 13:48:12 GMT
via
1.1 9672a97668a5842cedcfaee3e743019e.cloudfront.net (CloudFront)
server
AmazonS3
x-amz-cf-pop
FRA56-P7
age
13576438
x-cache
Hit from cloudfront
location
https://js.intercomcdn.com/shim.latest.js
cache-control
max-age=86400
alt-svc
h3=":443"; ma=86400
content-length
0
x-amz-cf-id
E0LUD_02XCekC5H69POLED3NtPSfUG_epChE3H41AaPgzu1B6uScbA==
p
api.segment.io/v1/ 		21 B
179 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.segment.io/v1/p
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/analytics.js/v1/WyYsNgEFmy08n8w7Go1T2S8VaA3aYXsc/analytics.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
44.240.39.179 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-44-240-39-179.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain

Response headers

access-control-allow-origin
https://my.iconsavingsplan.com
date
Tue, 01 Nov 2022 17:02:09 GMT
strict-transport-security
max-age=31536000
content-length
21
vary
Origin
content-type
application/json
/
o314901.ingest.sentry.io/api/5652732/security/ Frame D3A9 		0
82 B 		Other
General
Check archive.org
Download Go to
Full URL
https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 01 Nov 2022 17:02:09 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
access-control-allow-origin
https://my.iconsavingsplan.com
access-control-expose-headers
x-sentry-rate-limits, x-sentry-error, retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
frame-modern.cecfaaa5.js
js.intercomcdn.com/ Frame D3A9 		445 KB
122 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/jhrlzhsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
cbd8119b6914d83e85bf54910edffd8ec60a9835d5713caaf8b3f46f08663b89
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id
fErUk8brVpY20C_46HsywLFzcopTW9Fg
content-encoding
gzip
via
1.1 82e9051d8d41080bd3028731e0e8677e.cloudfront.net (CloudFront)
date
Tue, 01 Nov 2022 16:53:35 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA6-C1
age
514
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
124311
last-modified
Tue, 01 Nov 2022 14:52:10 GMT
server
AmazonS3
etag
"98a77bd459499fba441e0ce39cc2b75e"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
TRLeoJWb8sgy6oVAkQjIEDeCp6XESR_mhqwgeqWhwwXt0EF9mQBJew==
vendor-modern.87133c1b.js
js.intercomcdn.com/ Frame D3A9 		236 KB
73 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.87133c1b.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/jhrlzhsl
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
041cccf58bcaf80e8c076b0c7088052549ae9e190f380ba3796965195a795b15
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id
D24zTTWpePuX3gYTpAQSw7pOjvpPiRsn
content-encoding
gzip
via
1.1 82e9051d8d41080bd3028731e0e8677e.cloudfront.net (CloudFront)
date
Tue, 01 Nov 2022 16:16:38 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-amz-cf-pop
FRA6-C1
age
2732
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
74252
last-modified
Fri, 28 Oct 2022 15:41:55 GMT
server
AmazonS3
etag
"a44d82f78503b9d459c2aa1991b525a9"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
EUPsz19Lm90YLVhY8Q-lXpQ7y5Sdz9XmL8kTa0jFIl57yGED03w4Ig==
ping
api-iam.intercom.io/messenger/web/ Frame D3A9 		6 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-168-65.compute-1.amazonaws.com
Software
nginx /
Resource Hash
ad233c3df88276b3af3f6e84a832360fe3454c831172b9086047d3440669f3b8
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 01 Nov 2022 17:02:10 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-08f1d945aaedd67f8
status
200 OK
x-xss-protection
1; mode=block
x-request-id
003k426ki0gjl2qu8370
x-runtime
0.475323
server
nginx
etag
W/"ad233c3df88276b3af3f6e84a832360f"
x-ratelimit-remaining
13332
vary
Accept,Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://my.iconsavingsplan.com
x-intercom-version
2dcabc53e0c139245dc42cbce7d88532546b3d28
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-ratelimit-reset
1667322140
x-ratelimit-limit
13333
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
ping
api-iam.intercom.io/messenger/web/ Frame D3A9 		3 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-168-65.compute-1.amazonaws.com
Software
nginx /
Resource Hash
23fe8a465af76f8b7f6057b0e54c1c8344f107b2219fb6ca21a5b53795bb97fe
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers

date
Tue, 01 Nov 2022 17:02:11 GMT
strict-transport-security
max-age=31556952; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
x-ami-version
ami-08f1d945aaedd67f8
status
200 OK
x-xss-protection
1; mode=block
x-request-id
000479ljbt5sfq4stcug
x-runtime
0.285252
server
nginx
etag
W/"23fe8a465af76f8b7f6057b0e54c1c83"
x-ratelimit-remaining
13331
vary
Accept,Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
https://my.iconsavingsplan.com
x-intercom-version
2dcabc53e0c139245dc42cbce7d88532546b3d28
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
x-ratelimit-reset
1667322140
x-ratelimit-limit
13333
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
vendors~app~tooltips-modern.db983597.js
js.intercomcdn.com/ Frame D3A9 		503 KB
97 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendors~app~tooltips-modern.db983597.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6fb120150e6ebe47b2661b4a1b5feaa405bbdaa65bce1560a3a1461b17824d49
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-version-id
TWoQkZepKfshpeJe3Y21jfiJRlzRVjUf
date
Tue, 01 Nov 2022 15:21:06 GMT
x-amz-cf-pop
FRA6-C1
age
6071
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
99366
last-modified
Fri, 28 Oct 2022 15:41:55 GMT
server
AmazonS3
etag
"6f204eb50f7b37e73be581f6182e92bd"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
f_2OR-7Da17uGSJpSVpp0DV067kw1IjKwMXNAdcaC-xvAE4ioVN5tA==
vendors~app-modern.c15fb58d.js
js.intercomcdn.com/ Frame D3A9 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendors~app-modern.c15fb58d.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
caf4e457c0bf8766c5569d2ddf0eb3c75f93832d10c739688c986e9c8c1d7b7e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-version-id
fOzZ_xt220ORYhHfxZQVO4pxzYUo7Utl
date
Tue, 01 Nov 2022 15:21:10 GMT
x-amz-cf-pop
FRA6-C1
age
6071
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
12953
last-modified
Fri, 28 Oct 2022 15:41:55 GMT
server
AmazonS3
etag
"f603920eaa1b7ea60bc7245fd1163628"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
92q9OxcG9hf3Hv2_5qPIflFjlBTS0uyT_V-n9ew6OJasSTusBrCQbQ==
app~tooltips-modern.e7649914.js
js.intercomcdn.com/ Frame D3A9 		205 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/app~tooltips-modern.e7649914.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
ca9a6b24c7e42757affde99240692f85b8b3b7b2b83ce137bb6e3fb9d17628c0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-version-id
g.R5qYhKhw1mfZT9tG3aUnQzM77B6bGH
date
Tue, 01 Nov 2022 15:21:23 GMT
x-amz-cf-pop
FRA6-C1
age
6054
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
51602
last-modified
Fri, 28 Oct 2022 15:41:55 GMT
server
AmazonS3
etag
"6f067cab15fee0ccfe3c9e96dac492cf"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
bKvqscL-iGyjmWi5wbTYd0PpnAOC8n7_vtjyfWtaR8xzmbmjMBSwTg==
app-modern.9c62ed23.js
js.intercomcdn.com/ Frame D3A9 		549 KB
140 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/app-modern.9c62ed23.js
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
99.86.4.109 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-86-4-109.fra6.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
41944135c1077f57775e385adf54ee88cfc4da8204c7087b02e1be0a11978318
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
via
1.1 560d8d35213ac925f8d05c5730db1582.cloudfront.net (CloudFront)
x-amz-version-id
IEx_sJVGrBBxV.E29mXtfpCCFbZQLl8s
date
Tue, 01 Nov 2022 16:53:38 GMT
x-amz-cf-pop
FRA6-C1
age
520
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
alt-svc
h3=":443"; ma=86400
content-length
142914
last-modified
Tue, 01 Nov 2022 14:52:10 GMT
server
AmazonS3
etag
"c2fb63a777f6e84cf74c983274486905"
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=31536000, s-maxage=7200, public
accept-ranges
bytes
x-amz-cf-id
7siQnL13sQKFiA8ZfU2xm_1mEZJN9qqRbzRU229hX5m_v7MyspY2ZQ==
/
o314901.ingest.sentry.io/api/5652732/envelope/ 		2 B
20 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://o314901.ingest.sentry.io/api/5652732/envelope/?sentry_key=20958cc919924d73b066654817e8b8b7&sentry_version=7
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
https://my.iconsavingsplan.com/
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Tue, 01 Nov 2022 17:02:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
content-type
application/json
access-control-allow-origin
https://my.iconsavingsplan.com
access-control-expose-headers
x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
v3
js.stripe.com/ 		393 KB
94 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.128.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
5fee0426efe60d73e8cab870d33215a08597deb50d43ca86a42e7d0049bb47e0
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

strict-transport-security
max-age=31556926; includeSubDomains; preload
content-encoding
br
x-content-type-options
nosniff
date
Tue, 01 Nov 2022 17:02:26 GMT
via
1.1 varnish
age
45
x-cache
HIT
content-length
96283
x-request-id
8ce2340a-8913-4735-af14-4398590e3500
x-served-by
cache-hhn4028-HHN
last-modified
Tue, 01 Nov 2022 00:04:25 GMT
server
Fastly
etag
"86ddb6f8912ac9f03eb713c5cd181155"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
accept-ranges
bytes
timing-allow-origin
*
x-cache-hits
21
logo.svg
my.iconsavingsplan.com/assets/ 		1 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.iconsavingsplan.com/assets/logo.svg
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
e9e10ed96b6c0d0953b642a630feb6ed426434969a704b9c2dc73941965b0376
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-7d1eca4f-8991-42d5-b284-8d4be901f2a6';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-7d1eca4f-8991-42d5-b284-8d4be901f2a6';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Date
Tue, 01 Nov 2022 17:02:26 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Content-Length
1417
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Tue, 25 Oct 2022 19:22:45 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"589-1841098df88"
Expect-Ct
max-age=0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
image/svg+xml
Origin-Agent-Cluster
?1
Cache-Control
public, max-age=0
Accept-Ranges
bytes
81c43254d6388fd66405.woff
my.iconsavingsplan.com/ 		46 KB
50 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.iconsavingsplan.com/81c43254d6388fd66405.woff
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
bd1c444477e35252629cfd656b1370d2c15f3774b8afbad53913e63dadf15c63
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-486c87bc-ebbd-4d6e-87de-fe2b52f0e3a8';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://my.iconsavingsplan.com/login
Origin
https://my.iconsavingsplan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-486c87bc-ebbd-4d6e-87de-fe2b52f0e3a8';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Date
Tue, 01 Nov 2022 17:02:26 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Content-Length
47264
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Tue, 25 Oct 2022 19:22:45 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"b8a0-1841098df88"
Expect-Ct
max-age=0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff
Origin-Agent-Cluster
?1
Cache-Control
public, max-age=0
Accept-Ranges
bytes
e32f0aa2-fa2c-4dbf-90ae-bb60216820a6
https://my.iconsavingsplan.com/ 		5 KB
0 		Other
General
Check archive.org
Download Go to
Full URL
blob:https://my.iconsavingsplan.com/e32f0aa2-fa2c-4dbf-90ae-bb60216820a6
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
BLOB
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
80a0e07f59d956de9a749beb99a98e16a9d30735036f6eccf698a5c7d6e8bd80

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Length
5040
Content-Type
application/javascript
/
o314901.ingest.sentry.io/api/5652732/security/ Frame 89E7 		0
15 B 		Other
General
Check archive.org
Download Go to
Full URL
https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.120.195.249 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
249.195.120.34.bc.googleusercontent.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/csp-report

Response headers

date
Tue, 01 Nov 2022 17:02:26 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
Origin
access-control-allow-origin
https://my.iconsavingsplan.com
access-control-expose-headers
x-sentry-error, x-sentry-rate-limits, retry-after
x-envoy-upstream-service-time
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
authorize
login.iconsavingsplan.com/ Frame 89E7 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://login.iconsavingsplan.com/authorize?client_id=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=web_message&state=ZkxNT0M5T0ZpWEE2T1lManEtdFNuWjNkMDdkUFU5UDRPaURTQ09pV195Zw%3D%3D&nonce=cUFMfkZ4cTREaG51bUtkLlFDc0V4aWZVd3UwbTlwRjZMdEZVbExuZDNobg%3D%3D&code_challenge=38tItpHlkztE6ql8HahxsAnzzi6vOtLFnJkaN8Lsf4E&code_challenge_method=S256&prompt=none&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/bundle.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:b8f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-cache, no-store
cf-cache-status
DYNAMIC
cf-ray
763632bd6a7ebb97-FRA
content-encoding
br
content-type
text/html;charset=UTF-8
date
Tue, 01 Nov 2022 17:02:27 GMT
ot-baggage-auth0-request-id
763632bd6a7ebb97
ot-tracer-sampled
true
ot-tracer-spanid
79149d413a496da8
ot-tracer-traceid
71c72ac068c8af0f
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-000000000000000071c72ac068c8af0f-79149d413a496da8-01
tracestate
auth0-request-id=763632bd6a7ebb97,auth0=true
vary
Accept-Encoding
x-auth0-requestid
31d43ad80ff81fb57711
x-content-type-options
nosniff
x-ratelimit-limit
100
x-ratelimit-remaining
99
x-ratelimit-reset
1667322148
dc00cfbdb7522119fa25.woff
my.iconsavingsplan.com/ 		49 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.iconsavingsplan.com/dc00cfbdb7522119fa25.woff
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-ed2fb57b-76c9-466f-bda6-fdcd8d65d2a8';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://my.iconsavingsplan.com/login
Origin
https://my.iconsavingsplan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-ed2fb57b-76c9-466f-bda6-fdcd8d65d2a8';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Date
Tue, 01 Nov 2022 17:02:28 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Content-Length
50080
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Tue, 25 Oct 2022 19:22:45 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"c3a0-1841098df88"
Expect-Ct
max-age=0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff
Origin-Agent-Cluster
?1
Cache-Control
public, max-age=0
Accept-Ranges
bytes
43ca1167cf4e0e44e101.woff
my.iconsavingsplan.com/ 		49 KB
53 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.iconsavingsplan.com/43ca1167cf4e0e44e101.woff
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/login
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
52.38.21.97 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-38-21-97.us-west-2.compute.amazonaws.com
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-17245843-163c-4859-b40f-3837a6dfbdd6';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Referer
https://my.iconsavingsplan.com/login
Origin
https://my.iconsavingsplan.com
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Content-Security-Policy
default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-17245843-163c-4859-b40f-3837a6dfbdd6';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Date
Tue, 01 Nov 2022 17:02:28 GMT
X-Content-Type-Options
nosniff
Strict-Transport-Security
max-age=15552000; includeSubDomains
Via
1.1 spaces-router (20b6d9bb7ac0)
X-Permitted-Cross-Domain-Policies
none
X-Dns-Prefetch-Control
off
Cross-Origin-Resource-Policy
same-origin
Content-Length
50332
X-Xss-Protection
0
Referrer-Policy
no-referrer
Last-Modified
Tue, 25 Oct 2022 19:22:45 GMT
Cross-Origin-Opener-Policy
same-origin
Etag
W/"c49c-1841098df88"
Expect-Ct
max-age=0
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
Content-Type
font/woff
Origin-Agent-Cluster
?1
Cache-Control
public, max-age=0
Accept-Ranges
bytes
Primary Request login
login.iconsavingsplan.com/
Redirect Chain
  • https://login.iconsavingsplan.com/authorize?client_id=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%...
  • https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWs...
6 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
Requested by
Host: my.iconsavingsplan.com
URL: https://my.iconsavingsplan.com/bundle.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:b8f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ceff20a465b3ea2489ab037f6488b0e228acdad8291b8a4792fc2e99ee6e7ca4
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'none'
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options deny
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.iconsavingsplan.com/login
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
accept-language
de-DE,de;q=0.9

Response headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, max-age=0, no-transform
cf-cache-status
DYNAMIC
cf-ray
763632c3ed0c9136-FRA
content-security-policy
frame-ancestors 'none'
content-type
text/html; charset=utf-8
date
Tue, 01 Nov 2022 17:02:28 GMT
etag
W/"16a6-lYAcEhQXGzs6zpb0ZDzbFLhwZCY"
ot-baggage-auth0-request-id
763632c3ed0c9136
ot-tracer-sampled
true
ot-tracer-spanid
5c78e0aa445e228f
ot-tracer-traceid
56037a085edf226c
pragma
no-cache
referrer-policy
same-origin
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-000000000000000056037a085edf226c-5c78e0aa445e228f-01
tracestate
auth0-request-id=763632c3ed0c9136,auth0=true
vary
Accept-Encoding
x-auth0-requestid
c3776952531bb2ff5ab7
x-content-type-options
nosniff
x-frame-options
deny
x-ratelimit-limit
100
x-ratelimit-remaining
99
x-ratelimit-reset
1667322149
x-robots-tag
noindex, nofollow
x-xss-protection
1; mode=block

Redirect headers

alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
cache-control
no-store, max-age=0, no-transform
cf-cache-status
DYNAMIC
cf-ray
763632c14e299136-FRA
content-length
1414
content-type
text/html; charset=utf-8
date
Tue, 01 Nov 2022 17:02:28 GMT
location
/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
ot-baggage-auth0-request-id
763632c14e299136
ot-tracer-sampled
true
ot-tracer-spanid
4e3b37b367f3c2d3
ot-tracer-traceid
296536d6411d6e55
pragma
no-cache
server
cloudflare
strict-transport-security
max-age=31536000
traceparent
00-0000000000000000296536d6411d6e55-4e3b37b367f3c2d3-01
tracestate
auth0-request-id=763632c14e299136,auth0=true
vary
Accept, Accept-Encoding
x-auth0-requestid
b10f05fe6f5b66e3cbf1
x-content-type-options
nosniff
x-ratelimit-limit
100
x-ratelimit-remaining
99
x-ratelimit-reset
1667322149
metrics
api-iam.intercom.io/messenger/web/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/metrics
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.cecfaaa5.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.175.168.65 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-54-175-168-65.compute-1.amazonaws.com
Software
/
Resource Hash

Request headers

Referer
accept-language
de-DE,de;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36
Content-Type
application/x-www-form-urlencoded

Response headers
lock.min.js
cdn.auth0.com/js/lock/11.17/ 		795 KB
226 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.auth0.com/js/lock/11.17/lock.min.js
Requested by
Host: login.iconsavingsplan.com
URL: https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.32.105.49 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-32-105-49.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0f8e68c76fab28fb7da930f946e2d554571b6734cc05ee08eb8e4f3a97a32a2f

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

x-amz-version-id
hi3zScnv72rU04fcI9h3dRW1Lwphxkw4
content-encoding
gzip
via
1.1 23e8ec14db0917c91c2c733b45578890.cloudfront.net (CloudFront)
date
Tue, 01 Nov 2022 16:15:19 GMT
last-modified
Thu, 03 Oct 2019 19:51:13 GMT
server
AmazonS3
x-amz-cf-pop
FRA60-P1
age
2830
etag
W/"e95fa94aa7d56c51a2d045296a419f7c"
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
cache-control
max-age=10800,public
x-amz-replication-status
COMPLETED
x-amz-cf-id
Kvx7W0IjQr5HBrWBE7p9gACIofQXa_DZi-vLRonygmsPiQmSrYbtsg==
logo_teal.svg
iconsavingsplan-public.s3.us-west-2.amazonaws.com/production/images/ 		1 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://iconsavingsplan-public.s3.us-west-2.amazonaws.com/production/images/logo_teal.svg
Requested by
Host: login.iconsavingsplan.com
URL: https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.92.160.34 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
be6b7d303dfd0696447140aadfec5a1c18ef0c45abb048eb2d59e1b3e851db10

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

Date
Tue, 01 Nov 2022 17:02:30 GMT
x-amz-version-id
BZWNC8azU632rUCDl4T7XTC2Oeatnz8Y
Last-Modified
Fri, 14 Oct 2022 23:26:23 GMT
Server
AmazonS3
x-amz-request-id
GJHQVKCFR9XFB629
ETag
"649f3e21dfd076575727390ed7bf9cd3"
Content-Type
image/svg+xml
Accept-Ranges
bytes
Content-Length
1427
x-amz-id-2
DAqmT5nmO6tqef2VfVyXy288/f+DW52SI9xi8RN3D10PrWoWMVs4ENrnIoeDV0BEVuzwhXdbtGQ=
GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc.js
login.iconsavingsplan.com/client/ 		507 B
792 B 		Script
General
Check archive.org
Download Go to
Full URL
https://login.iconsavingsplan.com/client/GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc.js?t1667322149280
Requested by
Host: cdn.auth0.com
URL: https://cdn.auth0.com/js/lock/11.17/lock.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:b8f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
62318e23549df2337e3a9de34e3d05a46f1051afbea51bbc5f3c8c7b8bb49d44
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 17:02:29 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
MISS
tracestate
auth0-request-id=763632c909de9136
x-auth0-requestid
9a0b1836a2905c35913c
content-encoding
br
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
server
cloudflare
ot-tracer-sampled
true
traceparent
00-3e82e7f363900fb0-00000000000000004d0944827580d0f6-01
etag
W/"1fb-aB/qXBVVybur1HWmz4Aj3/H5JJA"
ot-tracer-traceid
4d0944827580d0f6
vary
Accept-Encoding
content-type
application/x-javascript; charset=utf-8
cache-control
public, max-age=60, stale-while-revalidate=60, stale-if-error=86400
ot-baggage-auth0-request-id
763632c909de9136
cf-ray
763632c909de9136-FRA
ot-tracer-spanid
3e82e7f363900fb0
ssodata
login.iconsavingsplan.com/user/ 		0
425 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://login.iconsavingsplan.com/user/ssodata
Requested by
Host: cdn.auth0.com
URL: https://cdn.auth0.com/js/lock/11.17/lock.min.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
2606:4700::6810:b8f8 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

accept-language
de-DE,de;q=0.9
Referer
https://login.iconsavingsplan.com/login?state=hKFo2SBvRHZPSUJqLWJORVZxOFg0R20xY1Q5aEdDNFdCdmVrU6FupWxvZ2luo3RpZNkgRHRuaVEzdF9nT24yeVlEc1dZSm42aU5FbndFbEVUWlKjY2lk2SBHZ1MxeWc4b3FwUE9ZeTFvSVUzSDIzVWsyOGtnUTFWYw&client=GgS1yg8oqpPOYy1oIU3H23Uk28kgQ1Vc&protocol=oauth2&audience=https%3A%2F%2Fapi.iconsavingsplan.com&redirect_uri=https%3A%2F%2Fmy.iconsavingsplan.com&scope=openid%20profile%20email%20offline_access&response_type=code&response_mode=query&nonce=XzhUOThJSjNnbmtOflZpZ0RWMDR0S3hTTzItc1FSck1aUmFvcH4xQzJJVg%3D%3D&code_challenge=XwD5rtwBWDkCgkGecUkQyDdLT6Fl1EKMMryYtdcT_7U&code_challenge_method=S256&auth0Client=eyJuYW1lIjoiYXV0aDAtc3BhLWpzIiwidmVyc2lvbiI6IjEuMjIuMSJ9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/107.0.5304.87 Safari/537.36

Response headers

date
Tue, 01 Nov 2022 17:02:30 GMT
strict-transport-security
max-age=31536000
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
tracestate
auth0-request-id=763632cc4a5a9136,auth0=true
x-auth0-requestid
b37b4182a5791f6a6cdb
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
0
server
cloudflare
ot-tracer-sampled
true
traceparent
00-00000000000000002169ef1f59068b7d-5e0fb5b43cbce677-01
ot-tracer-traceid
2169ef1f59068b7d
vary
Accept-Encoding
cache-control
private, no-store, no-cache, must-revalidate, post-check=0, pre-check=0, no-transform
ot-baggage-auth0-request-id
763632cc4a5a9136
cf-ray
763632cc4a5a9136-FRA
ot-tracer-spanid
5e0fb5b43cbce677

Verdicts & Comments Add Verdict or Comment

23 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation function| setImmediate function| clearImmediate object| Auth0 function| Auth0Lock function| Auth0LockPasswordless object| config undefined| connection object| languageDictionary undefined| language undefined| loginHint object| colors object| lock string| css object| style

8 Cookies

Domain/Path Name / Value
login.iconsavingsplan.com/usernamepassword/login Name: _csrf
Value: 5aqXWFfwjRCp4cATu275otHj
.iconsavingsplan.com/ Name: ajs_anonymous_id
Value: f2243339-a9e8-471f-9e78-81f6ff48f51b
.iconsavingsplan.com/ Name: intercom-id-jhrlzhsl
Value: 483e5faa-6084-478f-8fe5-7f03ed06423d
.iconsavingsplan.com/ Name: intercom-session-jhrlzhsl
Value:
login.iconsavingsplan.com/ Name: did
Value: s%3Av0%3Af6faab40-5a06-11ed-8559-df87b129d5f0.xZIRKeQ3WN0lEB0DqmUU%2FERnZiSXxLQD51%2BxwSA9I%2BA
login.iconsavingsplan.com/ Name: did_compat
Value: s%3Av0%3Af6faab40-5a06-11ed-8559-df87b129d5f0.xZIRKeQ3WN0lEB0DqmUU%2FERnZiSXxLQD51%2BxwSA9I%2BA
login.iconsavingsplan.com/ Name: auth0
Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQO30sZ3d0ZlgHFia6tJJDZVgAFTuDeF4hHydYs-bQc45uHuSYc2s1BmDSgR7N1hHqzr3bLxpIJ7LSg4BXWzKEDemY29va2llg6dleHBpcmVz1_9U4IQAY2VFpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.LJiV9QOqE4QLWn1P9LEi2UxnreWz6n2yei0bInmWgSE
login.iconsavingsplan.com/ Name: auth0_compat
Value: s%3Av1.gadzZXNzaW9ugqZoYW5kbGXEQO30sZ3d0ZlgHFia6tJJDZVgAFTuDeF4hHydYs-bQc45uHuSYc2s1BmDSgR7N1hHqzr3bLxpIJ7LSg4BXWzKEDemY29va2llg6dleHBpcmVz1_9U4IQAY2VFpK5vcmlnaW5hbE1heEFnZc4PcxQAqHNhbWVTaXRlpG5vbmU.LJiV9QOqE4QLWn1P9LEi2UxnreWz6n2yei0bInmWgSE

1 Console Messages

Source Level URL
Text
network error URL: https://login.iconsavingsplan.com/user/ssodata
Message:
Failed to load resource: the server responded with a status of 404 ()

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' *.iconsavingsplan.com cdn.plaid.com;base-uri 'self';object-src 'none';script-src 'self' cdn.segment.com assets.customer.io widget.intercom.io https://app.intercom.io https://widget.intercom.io https://js.intercomcdn.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io https://static.zdassets.com *.plaid.com *.stripe.com 'nonce-b843b62f-3075-473e-8e7a-6a84dff3cc69';style-src 'unsafe-inline' 'self' 'unsafe-eval' maxcdn.bootstrapcdn.com fonts.gstatic.com;worker-src blob:;form-action 'self' https://intercom.help https://api-iam.intercom.io;font-src 'self' data: blob: https://js.intercomcdn.com http://fonts.intercomcdn.com fonts.gstatic.com;child-src 'self' blob: *.iconsavingsplan.com https://iconsavings-pre-production.us.auth0.com https://intercom-sheets.com https://www.intercom-reporting.com https://www.youtube.com https://player.vimeo.com https://fast.wistia.net *.plaid.com *.stripe.com;connect-src sentry.io *.sentry.io *.iconsavingsplan.com https://api.iconsavingsplan.com https://private-backend-api-stage.herokuapp.com https://private-backend-api-pre.herokuapp.com api.segment.io cdn.segment.com https://api.intercom.io https://api-iam.intercom.io https://api-ping.intercom.io https://nexus-websocket-a.intercom.io https://nexus-websocket-b.intercom.io wss://nexus-websocket-a.intercom.io wss://nexus-websocket-b.intercom.io https://uploads.intercomcdn.com https://uploads.intercomusercontent.com https://ekr.zdassets.com https://iconsavingsplan-staging.zendesk.com wss://widget-mediator.zopim.com https://iconsavingsuploads-staging.s3.us-west-2.amazonaws.com https://iconsavingsuploads-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.plaid.com *.stripe.com;media-src 'self' https://js.intercomcdn.com video-messages.intercomcdn.com https://static.zdassets.com *.iconsavingsplan.com;img-src 'self' track.customer.io blob: data: https://i.ytimg.com https://js.intercomcdn.com https://static.intercomassets.com https://downloads.intercomcdn.com https://uploads.intercomusercontent.com https://gifs.intercomcdn.com https://video-messages.intercomcdn.com https://messenger-apps.intercom.io https://*.intercom-attachments-1.com https://*.intercom-attachments-2.com https://*.intercom-attachments-3.com https://*.intercom-attachments-4.com https://*.intercom-attachments-5.com https://*.intercom-attachments-6.com https://*.intercom-attachments-7.com https://*.intercom-attachments-8.com https://*.intercom-attachments-9.com https://iconsavingsplan-account-document-staging.s3.us-west-2.amazonaws.com https://iconsavingsplan-account-document-production.s3.us-west-2.amazonaws.com https://icon-service-workspace-staging.s3.us-west-2.amazonaws.com https://icon-service-workspace-production.s3.us-west-2.amazonaws.com *.iconsavingsplan.com https://intercom-sheets.com;frame-src *.stripe.com *.youtube.com *.iconsavingsplan.com *.plaid.com https://intercom-sheets.com *.intercom-sheets.com https://iconsavingsplan-public.s3-us-west-2.amazonaws.com;report-uri https://o314901.ingest.sentry.io/api/5652732/security/?sentry_key=20958cc919924d73b066654817e8b8b7;block-all-mixed-content;frame-ancestors 'self';script-src-attr 'none'
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
api.segment.io
cdn.auth0.com
cdn.plaid.com
cdn.segment.com
iconsavingsplan-public.s3.us-west-2.amazonaws.com
js.intercomcdn.com
js.stripe.com
login.iconsavingsplan.com
maxcdn.bootstrapcdn.com
my.iconsavingsplan.com
o314901.ingest.sentry.io
widget.intercom.io
108.138.17.127
13.32.105.49
151.101.128.176
2606:4700::6810:b8f8
2606:4700::6812:bcf
34.120.195.249
44.240.39.179
52.38.21.97
52.92.160.34
54.175.168.65
65.9.66.20
99.86.4.109
99.86.8.175
041cccf58bcaf80e8c076b0c7088052549ae9e190f380ba3796965195a795b15
0d0d5e369941b4582bfce6bf16dd4e0061043af62930abdf47ddd14e25239d1d
0f8e68c76fab28fb7da930f946e2d554571b6734cc05ee08eb8e4f3a97a32a2f
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1d1b0575a42017137b73769b9faaa8bc4e15ae367fba7d3846933bfe5f49cd44
23fe8a465af76f8b7f6057b0e54c1c8344f107b2219fb6ca21a5b53795bb97fe
41944135c1077f57775e385adf54ee88cfc4da8204c7087b02e1be0a11978318
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453f401874219c551ef7792d0141bd8147fb0d731970a706607c0b64ec695bc9
5fee0426efe60d73e8cab870d33215a08597deb50d43ca86a42e7d0049bb47e0
60b19e5da6a9234ff9220668a5ec1125c157a268513256188ee80f2d2c8d8d36
62318e23549df2337e3a9de34e3d05a46f1051afbea51bbc5f3c8c7b8bb49d44
6fb120150e6ebe47b2661b4a1b5feaa405bbdaa65bce1560a3a1461b17824d49
80a0e07f59d956de9a749beb99a98e16a9d30735036f6eccf698a5c7d6e8bd80
8662518f3cf388e224af966c9ac7fbdeea800362352e7cd7ae1d5200155d7e4f
a856c49200096e83ed1a3612d4b4fcb1961a1f66f1a5f78c19bb71e31b98d221
ad233c3df88276b3af3f6e84a832360fe3454c831172b9086047d3440669f3b8
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
bd1c444477e35252629cfd656b1370d2c15f3774b8afbad53913e63dadf15c63
be6b7d303dfd0696447140aadfec5a1c18ef0c45abb048eb2d59e1b3e851db10
c22511d6a268e93656154c9c570108fe6d43f5f2a5d81aabdae1768fc254c3a0
ca9a6b24c7e42757affde99240692f85b8b3b7b2b83ce137bb6e3fb9d17628c0
caf4e457c0bf8766c5569d2ddf0eb3c75f93832d10c739688c986e9c8c1d7b7e
cbd8119b6914d83e85bf54910edffd8ec60a9835d5713caaf8b3f46f08663b89
ceff20a465b3ea2489ab037f6488b0e228acdad8291b8a4792fc2e99ee6e7ca4
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e71e6ab1ec4a7beaba512496b808900a9710d13a3b3fa0e8934b63df55aeac49
e8771b238c60c36fc935fd2dad0aed6e70cea50a635ff4f89f394a968a258c42
e9e10ed96b6c0d0953b642a630feb6ed426434969a704b9c2dc73941965b0376
eaa043ec0724e95ae033169f32402f853b7f5e35969583bcc12ef367997ad805
f17f078ea883fbe048f75ab5e7371c081cbd7d85ec5d91d443512d1ecd63dfb3