urlscan.io logo urlscan.io
SecurityTrails logo

citicards.citi.com Open in urlscan Pro
35.190.22.40  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://searscard.com/
Effective URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Submission Tags: tranco_l324
Submission: On April 18 via api from DE — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 11 IPs in 3 countries across 11 domains to perform 40 HTTP transactions. The main IP is 35.190.22.40, located in Kansas City, United States and belongs to GOOGLE, US. The main domain is citicards.citi.com. The Cisco Umbrella rank of the primary domain is 204468.
TLS certificate: Issued by DigiCert EV RSA CA G2 on March 20th 2024. Valid for: a year.
This is the only time citicards.citi.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 192.193.219.66 32287 (SOLANA-CI...)
16 35.190.22.40 15169 (GOOGLE)
2 34.107.138.236 396982 (GOOGLE-CL...)
1 1 23.201.248.34 16625 (AKAMAI-AS)
2 2600:9000:249... 16509 (AMAZON-02)
10 3.124.173.63 16509 (AMAZON-02)
1 2 142.250.185.198 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 108.138.26.5 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a03:2880:f17... 32934 (FACEBOOK)
3 104.17.209.240 13335 (CLOUDFLAR...)
40 11
1    192.193.219.66 (New York, United States)

ASN32287 (SOLANA-CITIPLEX, US)
PTR: www.argentina.citigold.citibank.com
searscard.com
16    35.190.22.40 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 40.22.190.35.bc.googleusercontent.com
citicards.citi.com
citi.bridgetrack.com
2    34.107.138.236 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 236.138.107.34.bc.googleusercontent.com
cdn.digitalmarketing.citibankonline.com
sec-citi.bridgetrack.com
1    23.201.248.34 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a23-201-248-34.deploy.static.akamaitechnologies.com
cloud.typography.com
2    2600:9000:2491:5800:2:8f43:5780:93a1 (United States)

ASN16509 (AMAZON-02, US)
nexus.ensighten.com
10    3.124.173.63 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
tagmanager1.citi.com
data.privacy.ensighten.com
2    142.250.185.198 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s52-in-f6.1e100.net
6397054.fls.doubleclick.net
2    2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    108.138.26.5 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-26-5.fra56.r.cloudfront.net
nexus.ensighten.com
1    2a00:1450:4001:813::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2a03:2880:f176:181:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    104.17.209.240 (None, )

ASN13335 (CLOUDFLARENET, US)
zn3aqbinqfptmrq5w-citifeedback.siteintercept.qualtrics.com
siteintercept.qualtrics.com
Apex Domain
Subdomains		 Transfer
22 citi.com
citicards.citi.com — Cisco Umbrella Rank: 204468
tagmanager1.citi.com — Cisco Umbrella Rank: 47682
213 KB
7 ensighten.com
nexus.ensighten.com — Cisco Umbrella Rank: 3879
data.privacy.ensighten.com — Cisco Umbrella Rank: 10003
154 KB
3 qualtrics.com
zn3aqbinqfptmrq5w-citifeedback.siteintercept.qualtrics.com — Cisco Umbrella Rank: 62754
siteintercept.qualtrics.com — Cisco Umbrella Rank: 922
27 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
71 KB
2 doubleclick.net
6397054.fls.doubleclick.net — Cisco Umbrella Rank: 683942
574 B
2 bridgetrack.com
sec-citi.bridgetrack.com — Cisco Umbrella Rank: 412066
citi.bridgetrack.com — Cisco Umbrella Rank: 155772
272 KB
1 facebook.com
www.facebook.com — Cisco Umbrella Rank: 97
274 B
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
74 KB
1 typography.com
cloud.typography.com — Cisco Umbrella Rank: 7999
443 B
1 citibankonline.com
cdn.digitalmarketing.citibankonline.com — Cisco Umbrella Rank: 73808
8 KB
1 searscard.com
searscard.com — Cisco Umbrella Rank: 620823
306 B
40 11
Domain Requested by
15 citicards.citi.com nexus.ensighten.com
citicards.citi.com
7 tagmanager1.citi.com nexus.ensighten.com
4 nexus.ensighten.com citicards.citi.com
nexus.ensighten.com
3 data.privacy.ensighten.com citicards.citi.com
2 siteintercept.qualtrics.com nexus.ensighten.com
2 connect.facebook.net nexus.ensighten.com
2 6397054.fls.doubleclick.net 1 redirects nexus.ensighten.com
1 zn3aqbinqfptmrq5w-citifeedback.siteintercept.qualtrics.com nexus.ensighten.com
1 www.facebook.com citicards.citi.com
1 citi.bridgetrack.com citicards.citi.com
1 www.googletagmanager.com nexus.ensighten.com
1 sec-citi.bridgetrack.com citicards.citi.com
1 cloud.typography.com 1 redirects
1 cdn.digitalmarketing.citibankonline.com citicards.citi.com
1 searscard.com 1 redirects
40 15

This site contains links to these domains. Also see Links.

Domain
www.sears.com
www.shopyourway.com
online.citi.com
citi.bridgetrack.com
Subject Issuer Validity Valid
citicards.citi.com
DigiCert EV RSA CA G2		 2024-03-20 -
2025-04-15		 a year crt.sh
cdn.digitalmarketing.citibankonline.com
DigiCert EV RSA CA G2		 2024-04-11 -
2025-05-12		 a year crt.sh
nexus.ensighten.com
Amazon RSA 2048 M02		 2023-09-29 -
2024-10-27		 a year crt.sh
tagmanager1.citi.com
DigiCert EV RSA CA G2		 2023-08-21 -
2024-09-20		 a year crt.sh
*.doubleclick.net
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-01-26 -
2024-04-25		 3 months crt.sh
*.privacy.ensighten.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-02-02 -
2025-02-19		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-18 -
2024-06-10		 3 months crt.sh
citi.bridgetrack.com
Thawte EV RSA CA G2		 2024-04-08 -
2025-05-09		 a year crt.sh
*.qualtrics.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-27 -
2025-02-19		 a year crt.sh

This page contains 2 frames:

Primary Page: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Frame ID: 99BAF3DD817A918E2B333180037AF7EE
Requests: 42 HTTP requests in this frame

Frame: https://6397054.fls.doubleclick.net/activityi;dc_pre=CNnXyJ3-yoUDFaPVOwIdM9kE8A;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47
Frame ID: 18D107DD16AF0CFADA166975A41585CB
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Apply for a Sears Credit Card or a Sears Mastercard®

Page URL History Show full URLs

  1. http://searscard.com/ HTTP 307
    https://searscard.com/ HTTP 307
    http://searscard.com/ HTTP 301
    https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js
Overall confidence: 100%
Detected patterns
  • //nexus\.ensighten\.com/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js

Page Statistics

40
Requests

98 %
HTTPS

33 %
IPv6

11
Domains

15
Subdomains

11
IPs

3
Countries

849 kB
Transfer

1984 kB
Size

12
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://searscard.com/ HTTP 307
    https://searscard.com/ HTTP 307
    http://searscard.com/ HTTP 301
    https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 1
  • https://cloud.typography.com/7919714/6255752/css/fonts.css HTTP 302
  • https://sec-citi.bridgetrack.com/fonts/576019/BE6410757169DC012.css
Request Chain 9
  • https://6397054.fls.doubleclick.net/activityi;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47 HTTP 302
  • https://6397054.fls.doubleclick.net/activityi;dc_pre=CNnXyJ3-yoUDFaPVOwIdM9kE8A;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47

40 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request home.htm
citicards.citi.com/crs/searscard/
Redirect Chain
  • http://searscard.com/
  • https://searscard.com/
  • http://searscard.com/
  • https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
146 KB
61 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
92519f46c59dcb7eccdf8f728d0b343913039ea248e025748acb7a4d22996046
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private
content-encoding
gzip
content-length
61666
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
content-type
text/html
date
Thu, 18 Apr 2024 05:03:15 GMT
expires
Wed, 17 Apr 2024 05:03:16 GMT
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
referrer-policy
strict-origin-when-cross-origin
strict-transport-security
max-age=31536000; includeSubDomains
vary
Accept-Encoding
via
1.1 google
x-content-type-options
nosniff
x-xss-protection
1; mode=block

Redirect headers

Connection
Keep-Alive
Content-Length
313
Content-Type
text/html; charset=iso-8859-1
Date
Thu, 18 Apr 2024 05:03:16 GMT
Keep-Alive
timeout=5, max=500
Location
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
cookie.pref.js
cdn.digitalmarketing.citibankonline.com/dmar/js/ 		8 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.digitalmarketing.citibankonline.com/dmar/js/cookie.pref.js
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
/
Resource Hash
cd1a0f83657d048ed6c7656440860ec772ce1a56277c3f51a0d719aa95f93c8d
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 18:59:25 GMT
via
1.1 google
x-content-type-options
nosniff
last-modified
Fri, 11 Dec 2020 20:47:53 GMT
cross-origin-opener-policy
same-origin
age
727431
content-type
application/javascript
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7719
x-xss-protection
0
BE6410757169DC012.css
sec-citi.bridgetrack.com/fonts/576019/
Redirect Chain
  • https://cloud.typography.com/7919714/6255752/css/fonts.css
  • https://sec-citi.bridgetrack.com/fonts/576019/BE6410757169DC012.css
255 KB
272 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://sec-citi.bridgetrack.com/fonts/576019/BE6410757169DC012.css
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Server
34.107.138.236 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
236.138.107.34.bc.googleusercontent.com
Software
/
Resource Hash
3200c24a4f1e45e7940c22d98e4e997f7f01793738e6eff51d5f27f7c5c931f7
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://citicards.citi.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

date
Wed, 17 Apr 2024 09:10:51 GMT
via
1.1 google
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Mon, 10 Feb 2020 17:26:36 GMT
cross-origin-opener-policy
same-origin
age
71546
vary
Accept-Encoding
content-type
text/css
cache-control
public, max-age=31536000
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0

Redirect headers

Date
Thu, 18 Apr 2024 05:03:17 GMT
Last-Modified
Thu, 25 May 2017 17:15:32 GMT
Server
AkamaiNetStorage
X-HCo-pid
16
ETag
"0bd1fb075a7a6bc54b1b6ae53aa13fc8:1495732532"
Content-Type
text/html
Location
https://sec-citi.bridgetrack.com/fonts/576019/BE6410757169DC012.css
Cache-Control
must-revalidate, private
Connection
keep-alive
Content-Length
154
Expires
Thu, 18 April 2024 05:03:17 GMT
Bootstrap.js
nexus.ensighten.com/citi/na_fsn_prod/ 		443 KB
96 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:5800:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
92fec5a1cbeb8d2da5cd4b07228a5bfacfc91f44358f0656c5b826d279e9f3cc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 04 Mar 2024 13:10:19 GMT
x-amz-version-id
taIEUs1EQz4aJEioWuzerYRCcUgPxJUc
content-encoding
br
via
1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P7
age
3858778
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
PENDING
alt-svc
h3=":443"; ma=86400
last-modified
Mon, 04 Mar 2024 13:09:58 GMT
server
CloudFront
etag
W/"6dd7b128287cc7d24ecc42876ce1f07e"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=300
x-amz-cf-id
tT-EOLssZz6spehDxgKCdTw-ta6DcvUZxbCzzwfzalo8UwMO6hGuuw==
cc
tagmanager1.citi.com/pc/citi/ 		23 B
398 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/pc/citi/cc?ensDisableTracking=user&output=ip
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
1093953df3a199c19b12e687ae5764d08b219e8564a8391b1db31cd8d05000be

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 18 Apr 2024 05:03:18 GMT
content-encoding
gzip
server
nginx
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json;charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
*
cache-control
no-cache, no-store, must-revalidate
x-ens-event-id
c8d1f160-0e53-4f56-804a-5218e32b8d79
access-control-allow-headers
*
expires
Thu, 01 Jan 1970 00:00:00 GMT
7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
tagmanager1.citi.com/one/v1/profiles/ 		2 B
216 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/one/v1/profiles/7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
server
nginx
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
access-control-allow-headers
*
content-length
2
apigw-requestid
WZ9vgjHnliAEJ0Q=
7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
tagmanager1.citi.com/one/v1/profiles/ 		2 B
216 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/one/v1/profiles/7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
server
nginx
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
access-control-allow-headers
*
content-length
2
apigw-requestid
WZ9vgiLDliAEJtw=
serverComponent.php
nexus.ensighten.com/citi/na_fsn_prod/ 		681 B
1013 B 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_fsn_prod/serverComponent.php?namespace=Bootstrapper&staticJsPath=nexus.ensighten.com/citi/na_fsn_prod/code/&publishedOn=Mon%20Mar%2004%2013:09:43%20GMT%202024&ClientID=1129&PageID=https%3A%2F%2Fciticards.citi.com%2Fcrs%2Fsearscard%2Fhome.htm%3FBT_TX%3D1%26ProspectID%3D86C11ED05D7A4EC4A80C72D2781687FD
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2491:5800:2:8f43:5780:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
CloudFront /
Resource Hash
5c245166865b5b67951c894820c62914d5ab38ae5a15fe0d153d039ca2c712f8

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
via
1.1 a811170f30183becd909b501e545e756.cloudfront.net (CloudFront)
server
CloudFront
x-amz-cf-pop
FRA56-P7
x-cache
Miss from cloudfront
content-type
text/javascript
cache-control
no-cache, no-store
alt-svc
h3=":443"; ma=86400
content-length
681
x-amz-cf-id
uzHWKVIV1_iqtSRnh24wDEk_p13_gISGG5HjJdcxjWkhF_Pol-xTyA==
expires
Thu, 18 Apr 2024 05:03:17 GMT
0.bundle.js
citicards.citi.com/crs/searscard/js/ 		16 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://citicards.citi.com/crs/searscard/js/0.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
025c8e86b593c3cda586cd916757e6ade0ed48d58d11809f0336c9256e565f6d
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
content-encoding
gzip
via
1.1 google
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6687
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 11 Aug 2021 15:55:12 GMT
etag
"0308744c98ed71:0"
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
3.bundle.js
citicards.citi.com/crs/searscard/js/ 		11 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://citicards.citi.com/crs/searscard/js/3.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
edf7faede0cca7c11de00a582f629b1562cee004000f0db71c98b79e172049ed
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
content-encoding
gzip
via
1.1 google
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3216
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 30 Aug 2023 21:33:31 GMT
etag
"8087139f89dbd91:0"
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
activityi;dc_pre=CNnXyJ3-yoUDFaPVOwIdM9kE8A;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47
6397054.fls.doubleclick.net/ Frame 18D1
Redirect Chain
  • https://6397054.fls.doubleclick.net/activityi;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47?
  • https://6397054.fls.doubleclick.net/activityi;dc_pre=CNnXyJ3-yoUDFaPVOwIdM9kE8A;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47?
0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://6397054.fls.doubleclick.net/activityi;dc_pre=CNnXyJ3-yoUDFaPVOwIdM9kE8A;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47?
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
142.250.185.198 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s52-in-f6.1e100.net
Software
cafe /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=21600
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Accept-Language
de-DE,de;q=0.9;q=0.9
Referer
https://citicards.citi.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
private, max-age=0
content-encoding
br
content-length
948
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Apr 2024 05:03:18 GMT
expires
Thu, 18 Apr 2024 05:03:18 GMT
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0

Redirect headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, must-revalidate
content-length
0
content-type
text/html; charset=UTF-8
cross-origin-resource-policy
cross-origin
date
Thu, 18 Apr 2024 05:03:18 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown
1
location
https://6397054.fls.doubleclick.net/activityi;dc_pre=CNnXyJ3-yoUDFaPVOwIdM9kE8A;src=6397054;type=sears0;cat=sears00c;dc_lat=;dc_rdid=;tag_for_child_directed_treatment=;ord=6808719341010.47?
p3p
policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma
no-cache
server
cafe
strict-transport-security
max-age=21600
timing-allow-origin
*
x-content-type-options
nosniff
x-xss-protection
0
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
85f407912384186334577f65bf6bb88045bd96f5222d7c696cc71303d65c826a
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 18 Apr 2024 05:03:18 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=18, rtx=0, c=12, mss=1294, tbw=2762, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
k7NDPFOqmn/jFz/TteAfAtiC/hJ/EkKQdMmwel1aYEMsJGPECNc/f4tP5PlS+HSl0cXnM8p1r++RYeM/K90Syw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=0&c=1129&i=6agwro&p=na_fsn_prod&s=339&d=8HR7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfZnNuX3Byb2QiLCJpbnN0YW5jZUlkIjoiNmFnd3JvIiwicGFja2V0IjowLCJtb2RlIjoiZW5mb3JjZV4A8TBvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdGm_APAZIiwidHlwZSI6ImJpbGxpbmciLCJzdGFydCI6MTcxMzQxNjU5ODIzMmIAwGQiOi0xLCJzb3VyYzIAAisAYXR1cyI6ImYAQGFzb25lANRdLCJkYXRhUGF0dGVyEgCwbGlzdCI6W10sImkRAfAANzEzNDE2NTk4MjMyfV19
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
cache-control
no-cache, no-store
server
nginx
expires
Thu, 18 Apr 2024 05:03:17 GMT
r.rnc
data.privacy.ensighten.com/privacy/v1/c/ 		0
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.privacy.ensighten.com/privacy/v1/c/r.rnc?n=0&c=1129&i=7g6n03&p=na_fsn_prod&s=449&d=9Cd7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjkQAPAeTmFtZSI6ImNpdGkiLCJwdWJsaXNoUGF0aCI6Im5hX2Zzbl9wcm9kIiwibW9kKgCQYmxhY2tsaXN0UwDwH29va2llcyI6eyJDSVRJX0VOU0lHSFRFTl9QUklWQUNZX0JBTk5FUl9MT0FERUShAPEPIn0sImR0IjoxNzEzNDE2NTk4MjM3LCJzZXR0aW5nSwDxKm1vZGFsIjoiZW50ZXJwcmlzZSIsImVudmlyb25tZW50IjoiQ0JPTCBQcml2YWN5IiwiZGVmYXVsdD4A9AhQZXJmb3JtYW5jZS1BbmFseXRpY3MgQ6oA-QgxLCJFc3NlbnRpYWwtRnVuY3Rpb25hbCEA8AJBZHZlcnRpc2luZy1UYXJnZZsAByIAgH19LCJldmVucQAiW3sLAABEAQFkAGBDaGFuZ2UxAQ_nAAAFDwHAQURFRCI6IjEifV19
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
cache-control
no-cache, no-store
server
nginx
expires
Thu, 18 Apr 2024 05:03:17 GMT
c14ce7f770a4ca6bd89625878f1b24c3.js
nexus.ensighten.com/citi/na_fsn_prod/code/ 		193 KB
43 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_fsn_prod/code/c14ce7f770a4ca6bd89625878f1b24c3.js?conditionId0=421908
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.26.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-5.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
19d1c531eb28e6874db28743d5b045632c45a745ab42e7d75ec21349d6816ded

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 27 Aug 2023 20:04:06 GMT
x-amz-version-id
4c8eEnP2h.jaYnIyQcLZDEXaDi1Q.Kc2
content-encoding
gzip
via
1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
age
20249953
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 03 May 2023 15:42:28 GMT
server
CloudFront
etag
W/"48542998502ddcedebfda148490114f9"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
sL5KBSS5sdcCb2BNpNtC1Gr02NnqPYcElabWgon5JJ3O7zoKbdrUsQ==
dcbdb4a98b00f84dac2d9dff41e49818.js
nexus.ensighten.com/citi/na_fsn_prod/code/ 		133 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://nexus.ensighten.com/citi/na_fsn_prod/code/dcbdb4a98b00f84dac2d9dff41e49818.js?conditionId0=351524
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
108.138.26.5 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-26-5.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
39a56d4070fe6db54078e4b414c2cf1b24f946c115d23b50bde8d03f4ceebc6f

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 25 Jul 2023 02:01:38 GMT
x-amz-version-id
ILzSL1GCg6Y4yV2LPbZuwXGsIEojg.Xu
content-encoding
gzip
via
1.1 df327bd0c8709a81ade8602ac9ef16e0.cloudfront.net (CloudFront)
age
23166101
x-amz-cf-pop
FRA56-P7
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
alt-svc
h3=":443"; ma=86400
last-modified
Wed, 03 May 2023 15:42:28 GMT
server
CloudFront
etag
W/"f7f5d4af0fa5f8ea29be874c1c62cf15"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
max-age=315360000
x-amz-cf-id
jHemnr-tv0UZd1iSqWKLALTfeD11j0QsNL2SnFp0NddPgXlteyeIvQ==
7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
tagmanager1.citi.com/one/v1/profiles/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/one/v1/profiles/7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab?returnValues=ALL_NEW
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Method
PUT
Origin
https://citicards.citi.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
*
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
access-control-allow-origin
*
access-control-max-age
1728000
content-length
0
content-type
text/plain; charset=utf-8
date
Thu, 18 Apr 2024 05:03:18 GMT
server
nginx
7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
tagmanager1.citi.com/one/v1/profiles/ 		994 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/one/v1/profiles/7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab?returnValues=ALL_NEW
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
757ca718f8b15c647ae0cf80d575d88f57d6742ef9c83550557104d5a9ed1edc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
server
nginx
x-ens-one-is-anonymous
true
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
access-control-allow-headers
*
content-length
994
x-ens-one-ttl
1721192598
apigw-requestid
WZ9vhiucFiAEJhA=
js
www.googletagmanager.com/gtag/ 		205 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=DC-4246576&l=gtagDataLayer
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:813::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e5ebfd5e743dbba913639c01e59057c7588937b878537cd851235fed0b621582
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
75482
x-xss-protection
0
last-modified
Thu, 18 Apr 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Thu, 18 Apr 2024 05:03:18 GMT
1781982108516082
connect.facebook.net/signals/config/ 		53 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/1781982108516082?v=2.9.154&r=stable&domain=citicards.citi.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ae4b18ebaf8aa940f51c537f1c63daa29a6586dcd8ec33ae927fd3c64849e34c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Thu, 18 Apr 2024 05:03:18 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=23, rtx=0, c=64, mss=1294, tbw=63177, tp=-1, tpl=-1, uplat=123, ullat=0
pragma
public
x-fb-debug
JWC4u5oG+o5QRpl2GbnEv+7RyXRfy4inEimPjODg/hAtTHBpQ3a/D683vJ+cqvYo4WVxmhPEgIqD71nOeTDf2Q==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
5.bundle.js
citicards.citi.com/crs/searscard/js/ 		19 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://citicards.citi.com/crs/searscard/js/5.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
127030d7070fb45aac3ae4c5cae35e40195b1a4d8c3ba732d695f926a68ed159
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
content-encoding
gzip
via
1.1 google
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7343
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Wed, 11 Aug 2021 15:55:12 GMT
etag
"0308744c98ed71:0"
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
2.bundle.js
citicards.citi.com/crs/searscard/js/ 		44 KB
10 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://citicards.citi.com/crs/searscard/js/2.bundle.js
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
75544ef69f4505695c3730186f8d10e99c782b1d65c53d10042c6079a7a64f5a
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
content-encoding
gzip
via
1.1 google
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9776
x-xss-protection
1; mode=block
referrer-policy
strict-origin-when-cross-origin
last-modified
Tue, 29 Aug 2023 16:29:45 GMT
etag
"80e21e596dad91:0"
vary
Accept-Encoding
content-type
application/javascript
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
tagmanager1.citi.com/one/v1/profiles/ 		994 B
777 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/one/v1/profiles/7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
757ca718f8b15c647ae0cf80d575d88f57d6742ef9c83550557104d5a9ed1edc

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
content-encoding
gzip
server
nginx
x-ens-one-is-anonymous
true
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
access-control-allow-headers
*
x-ens-one-ttl
1721192598
apigw-requestid
WZ9vkiu5liAEJhA=
SYW-MC.png
citicards.citi.com/crs/searscard/images/ 		7 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/SYW-MC.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
b8ea714ec80bddb6f87aac6f0cb6ef82460a83a02f5852386de335af54e3aa05
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Mon, 03 May 2021 20:17:12 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"0d4114d5940d71:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
7644
x-xss-protection
1; mode=block
Sears.png
citicards.citi.com/crs/searscard/images/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/Sears.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
454c455c7827f2aa934809c0e17855dcbddc22e695ce490f334e6d194a043b24
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Wed, 11 Aug 2021 15:55:14 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"05db845c98ed71:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8150
x-xss-protection
1; mode=block
SearsMCTY.png
citicards.citi.com/crs/searscard/images/ 		6 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/SearsMCTY.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
1688b43815570851784814c451a4d36cf8f31da1c2cd2b6bf348dfd2aa7fc7e3
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Wed, 11 Aug 2021 15:55:14 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"05db845c98ed71:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6278
x-xss-protection
1; mode=block
SearsMC.png
citicards.citi.com/crs/searscard/images/ 		8 KB
8 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/SearsMC.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
8e450dd11643397584755a14b0849ac0870b163b97ba8438810b4ae0c129145f
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Mon, 03 May 2021 20:17:12 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"0d4114d5940d71:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
8604
x-xss-protection
1; mode=block
SearsHI.png
citicards.citi.com/crs/searscard/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/SearsHI.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
06a71477117b9dc54f829150b74fe54814be95714f2bfb97613beade94fa0155
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Wed, 11 Aug 2021 15:55:14 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"05db845c98ed71:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9208
x-xss-protection
1; mode=block
stacked-cards.jpg
citicards.citi.com/crs/searscard/images/ 		9 KB
9 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/stacked-cards.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
fa1c6b3cec940b20a70ea65995f9b194f65a17fa30c4fbfcdf718ac3e4a70a16
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Wed, 19 Apr 2023 18:20:44 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"0a6aaa7eb72d91:0"
content-type
image/jpeg
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
9279
x-xss-protection
1; mode=block
/
citi.bridgetrack.com/track/ 		43 B
607 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citi.bridgetrack.com/track/?id=61399&r=60043409.37166952
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
content-type
image/GIF
p3p
CP="NON DSP COR DEVa PSAa IVAo CONo OUR IND UNI PUR NAV DEM LOC", policyref="http://citi.bridgetrack.com/w3c/p3p.xml"
cache-control
private
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
43
expires
Wed, 17 Apr 2024 05:03:18 GMT
icons.png
citicards.citi.com/crs/searscard/images/ 		34 KB
34 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/icons.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
f11ea944f935eaf7b38e1e6a064214c4d137f305bc49a11d46ab95a4807bba16
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Wed, 11 Aug 2021 15:55:12 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"0308744c98ed71:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35263
x-xss-protection
1; mode=block
pattern-bg.png
citicards.citi.com/crs/searscard/images/ 		4 KB
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/pattern-bg.png
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
21e26da44ece6dd7e34dea386e0a00a775bc16223bf0b9b8b9b9fda57f5f3245
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Mon, 10 Feb 2020 17:53:46 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"0716ea3be0d51:0"
content-type
image/png
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
4365
x-xss-protection
1; mode=block
blur-bkgrd.jpg
citicards.citi.com/crs/searscard/images/ 		32 KB
32 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://citicards.citi.com/crs/searscard/images/blur-bkgrd.jpg
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
3678c9e8b08abd743264e34dfa10643cd76b677e72adcf07df80d387e79422ea
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
referrer-policy
strict-origin-when-cross-origin
content-security-policy
frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
last-modified
Mon, 10 Feb 2020 17:53:40 GMT
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; includeSubDomains
etag
"0eada63be0d51:0"
content-type
image/jpeg
permissions-policy
fullscreen=(self "https://*.citi.com" "https://*.bridgetrack.com" "https://www.youtube.com" "https://cdn.digitalmarketing.citibankonline.com"), geolocation=(self "https://*.citi.com" "https://*.bridgetrack.com"), camera=()
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
33224
x-xss-protection
1; mode=block
truncated
/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c

Request headers

Referer
Origin
https://citicards.citi.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-woff2
truncated
/ 		11 KB
11 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393

Request headers

Referer
Origin
https://citicards.citi.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-woff2
truncated
/ 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c

Request headers

Referer
Origin
https://citicards.citi.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-woff2
truncated
/ 		4 KB
4 KB 		Font
General
Check archive.org
Download Go to
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70

Request headers

Referer
Origin
https://citicards.citi.com
Accept-Language
de-DE,de;q=0.9;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36

Response headers

Content-Type
application/x-font-woff2
7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
tagmanager1.citi.com/one/v1/profiles/ 		994 B
780 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tagmanager1.citi.com/one/v1/profiles/7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab?returnValues=ALL_NEW
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
04e91b429a89ee4b7f805692047405f1f1b7b2d62b806810b15e5efe610edb02

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
content-encoding
gzip
server
nginx
x-ens-one-is-anonymous
true
vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, DELETE, OPTIONS
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
*
access-control-allow-headers
*
x-ens-one-ttl
1721192598
apigw-requestid
WZ9vkiOcFiAEJnA=
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=1781982108516082&ev=PageView&dl=https%3A%2F%2Fciticards.citi.com&rl=&if=false&ts=1713416598588&sw=1600&sh=1200&v=2.9.154&r=stable&ec=0&o=4124&fbp=fb.1.1713416598586.1449299836&pm=1&hrl=c71229&ler=empty&cdl=API_unavailable&it=1713416598362&coo=false&cs_cc=1&rqm=GET
Requested by
Host: citicards.citi.com
URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f176:181:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-fb-connection-quality
EXCELLENT; q=0.9, rtt=17, rtx=0, c=10, mss=1294, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Thu, 18 Apr 2024 05:03:18 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
zn3aqbinqfptmrq5w-citifeedback.siteintercept.qualtrics.com/SIE/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://zn3aqbinqfptmrq5w-citifeedback.siteintercept.qualtrics.com/SIE/?Q_ZID=ZN_3aqBinqfptMRq5w
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
377150c74bd48ee0098ffb395542b657f6e9eafbd71c63d9fc19ff012fbcd526
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
185143
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"26bb-Ufh6c/8zW4RNc3gsaMlrnyrapxY"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=3600, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
cf-ray
87621b8f1f151c3c-FRA
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
timing-allow-origin
*
favicon.ico
citicards.citi.com/ 		2 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://citicards.citi.com/favicon.ico
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.190.22.40 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
40.22.190.35.bc.googleusercontent.com
Software
/
Resource Hash
3ceb6abdaf923b247b264301b13f3c177e976add13d557a07c6edd4d680cbf6e

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:17 GMT
via
1.1 google
last-modified
Tue, 21 Sep 2004 14:41:39 GMT
etag
"1c80ad1ae99fc41:0"
content-type
image/x-icon
accept-ranges
bytes
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2550
12.00593e070a6f1562a8b4.chunk.js
siteintercept.qualtrics.com/dxjsmodule/ 		73 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/dxjsmodule/12.00593e070a6f1562a8b4.chunk.js?Q_CLIENTVERSION=2.4.0&Q_CLIENTTYPE=web&Q_BRANDID=citicards.citi.com
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
773476fc4041f913eb57d338efa749e0c2b63828f086c83da65c3d3aeb51fa73
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:18 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
HIT
content-encoding
br
age
181577
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
edge-control
max-age=604800
referrer-policy
strict-origin-when-cross-origin
last-modified
Mon, 01 Apr 2024 18:13:43 GMT
server
cloudflare
etag
W/"125c9-18e9addfbd8"
vary
Accept-Encoding
content-type
application/javascript
access-control-allow-origin
*
cache-control
public, max-age=604800, s-maxage=604800
permissions-policy
camera=(), geolocation=(), microphone=()
timing-allow-origin
*
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept
cf-ray
87621b8f8fbe1c3c-FRA
Targeting.php
siteintercept.qualtrics.com/WRSiteInterceptEngine/ 		2 KB
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://siteintercept.qualtrics.com/WRSiteInterceptEngine/Targeting.php?Q_ZoneID=ZN_3aqBinqfptMRq5w&Q_CLIENTVERSION=2.4.0&Q_CLIENTTYPE=web
Requested by
Host: nexus.ensighten.com
URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.17.209.240 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
98385b653a896d567b921203f83141cff048cd35a7c8278edbdaaf33f9afb42c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
sec-ch-ua-platform
"Win32"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
Content-type
application/x-www-form-urlencoded

Response headers

date
Thu, 18 Apr 2024 05:03:19 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-content-type-options
nosniff
cf-cache-status
DYNAMIC
content-encoding
br
content-security-policy-report-only
frame-ancestors 'self' *.qualtrics.com *.my.salesforce.com *.visualforce.com *.visual.force.com *.lightning.force.com; report-uri https://sjc1.qualtrics.com/csp-report
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
content-type
application/json
access-control-allow-origin
https://citicards.citi.com
cache-control
no-store, no-cache, must-revalidate, max-age=0
access-control-allow-credentials
true
permissions-policy
camera=(), geolocation=(), microphone=()
trace-id
f9dbdb64a9b488fd
timing-allow-origin
*
cf-ray
87621b8fcffb1c3c-FRA
r.rnc
data.privacy.ensighten.com/privacy/v1/b/ 		0
106 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://data.privacy.ensighten.com/privacy/v1/b/r.rnc?n=1&c=1129&i=6agwro&p=na_fsn_prod&s=9871&d=8HR7InZlcnNpb24iOiIxLjAuMCIsImdhdGV3YXkiOiIyLjMuNjExIiwiY2xpZW50SWQiOjExMjksInB1Ymxpc2hQYXRoIjoibmFfZnNuX3Byb2QiLCJpbnN0YW5jZUlkIjoiNmFnd3JvIiwicGFja2V0IjoxLCJtb2RlIjoiZW5mb3JjZV4A8TBvb2tpZXMiOnt9LCJlbnZpcm9ubWVudCI6IkNCT0wgUHJpdmFjeSIsInJlcXVlc3RzIjpbeyJkZXN0aW5hdGm_APMjaHR0cHM6Ly82Mzk3MDU0LmZscy5kb3VibGVjbGljay5uZXQvYWN0aXZpdHlpO3NyYz0qAPMBO3R5cGU9c2VhcnMwO2NhdAsAoDBjO2RjX2xhdD0IAPATcmRpZD07dGFnX2Zvcl9jaGlsZF9kaXJlY3RlZF90cmVhdLEA8As9O29yZD02ODA4NzE5MzQxMDEwLjQ3PyIsImQA8AEiOiJpZnJhbWUiLCJzdGFyDgGgNzEzNDE2NTk4MlcBIGVuYgEKFADTc291cmNlIjoid3JpdDsA0XR1cyI6ImFsbG93ZWQXAUBhc29uFgHUXSwiZGF0YVBhdHRlchIAsmxpc3QiOltdLCJpYADPMjM3NjIzOTgxM30sSAEF9gtuZXh1cy5lbnNpZ2h0ZW4uY29tL2NpdGkvbu4B8CUvc2VydmVyQ29tcG9uZW50LnBocD9uYW1lc3BhY2U9Qm9vdHN0cmFwcGVyJnN0YXRpY0pzNAIfPV0AEmNjb2RlLyZrAvIeZWRPbj1Nb24lMjBNYXIlMjAwNCUyMDEzOjA5OjQzJTIwR01UJTIwMjAyNCZDrgIgRD2tAoEmUGFnZUlEPSACkCUzQSUyRiUyRsoAYGNhcmRzLgoAAN0AABUAUXJzJTJGCgIAHAD2OCUyRmhvbWUuaHRtJTNGQlRfVFglM0QxJTI2UHJvc3BlY3RJRCUzRDg2QzExRUQwNUQ3QTRFQzRBODBDNzJEMjc4MTY4N0ZE_gFvc2NyaXB0_gEBMDE5M_oCAp4BBBICRTQwLCL-ASBtdUABQ29uT2J0ARJMSAACCwI_bG9hCAIhrzE4ODQ4NTc2NzEIAge1dGFnbWFuYWdlcjEsAfVYL29uZS92MS9wcm9maWxlcy83YjJkZDVkOTA3YzAzZmMzODIwYThkMWI0NmJlOTFmMjlkNzg2ZWRjMDYyNTEyODFlZGFjNDBiOGNiNzQzN2FiP3JldHVyblZhbHVlcz1BTExfTkVXIjcDMnhocu4ACzQDLzQyNgEAFzI2AbJYSFJfTUFOQUdFUkEAAi8BDzoDJ68xNDExMDk2MjI0MgH_Og8PBBfwGmRjYmRiNGE5OGIwMGY4NGRhYzJkOWRmZjQxZTQ5ODE4LmpzP2NvbmRpFgavSWQwPTM1MTUyNIQDET4yMzlOAic4M04CuWluc2VydEJlZm9yiQUPfgMkrzM5NTk3MzIyODVMAgcPGgFzAIoEDJwGCRoBD54EQgUgAR82IAEx_RFjMTRjZTdmNzcwYTRjYTZiZDg5NjI1ODc4ZjFiMjRjMzoCbzQyMTkwODoCJx85OgJIjzQ1MjM3NzY4uAUIDzoCFw8aAUkPOgICCBoBDzoCQwQgAR8yOgIH8gBjb25uZWN0LmZhY2Vib28hCv8CZW5fVVMvZmJldmVudHMuanP_ARMdMTkENzM2NP8BD-UAQp8xNTQyNTI0OTjFCQgA3QgAywgG5whVL2Nycy_jCM8vanMvMy5idW5kbGXuABUvMjfuAAAfOO4AT485MjEzMDAyOdMBCD9pdGnuAA0fMO4AHR427gAYN2MIAN4KMG5kQxIMCGMIDxQGJJ8yNjg4MDE2ODDnAF0P1QEACecAD8MCQgTuAC8xMNUBB6Z3d3cuZ29vZ2xligoAsAvwCi9ndGFnL2pzP2lkPURDLTQyNDY1NzYmbD0YAIBEYXRhTGF5ZTcKA3sND30LBz0yODTkAT80MTbSAk2fMjM4NzA0MDk0xQUIBvMAD30LSAbkBA9oCwQfNJ4MAAEUAAWeDA9oCz6fNDk2Nzg0NzIyHQGQDz4CABg5_gUPHQFHD98GCQ8MBRAfMgwFGxAzEQQLBwo_NTExKANNnzMzODkwODE1M-gGLB817gAdDtYHKDU17gAP-gU8jzI5MzE5NDc18gIID88HEQ_nAB4ORA8K5wAP-gVDBO4AD8MCCA_9BFIPehAjPTU3OTMGARQADxIFRwN6EC81NiACCA8yAf8gDwYMAv4rc2lnbmFscy9jb25maWcvMTc4MTk4MjEwODUxNjA4Mj92PTIuOS4xNTQmcj1zdGFibGUmZG9tYWluPaED8FgmaG1lPWMzYTU0NWM2MzA0NGU4ZTkxMDJkNGYzMmQ4NGExMTM3NTk0ZDAyNGYyOGU4MDFkNjcwYmM3NmRjNWMwNzU1NzUmZXhfbT02NyUyQzExMiUyQzk5JTJDMTAzJTJDNTglMkMzFAAADgAgNjYkABA1DwCgMSUyQzg0JTJDNC0AEDUPABExLQAhMTYMACA3MisAITY4BgAAIwAgMTcYABAyEQAQOTgAYDUwJTJDN1YAIDE3CwAhMTUMABE1YwAQNmQAEjFvAAIkABAyPgAQMTkAEDRDACIxNwYAEDdgABEyOgAACwAQMwoAETMbAACbAAA0ABA2iQAQNhgAEDY-AAGSABE4IgABagAAGQAQOYAAEDhAABE4FAAQMBAAIDEwOQAQMxYAIDEwSQAQMsYAETKZABA1SgAhMTUcABAzLQARMgsAAAoAEDErAAFGAQAqAABPABAyLQABvwAQMlIAATwAEDVMAAEpAQEWARA5LAAQMi0AATcBAJ4AAFEAEDcSABA0BQAQMlsAEDkUABA5DwAAPgARMQUAACsAEDhzAAE-ARA3FAAQM2YAAVMBADUAETgTAAAiAAEyARA48AAQNG8AEDSXABA4LAAQM1MAAQ4AABgAEDdmABE0GAABOwABGQAASgABEwAAIgAQNg4AEDQFABA5fwAAIBchQzcZAAAFABAxOxcRQxwBAcwBASABEDk9ABA1HwAQNQoAEDRkABA3WgAQNmQAAsABJjA1KwoPTwsHLjM2zBY_NTg5JwhOjzQ0Mzc2MjI3ThMIDp8DCw8P9gJpbWFnZXMvU1lXLU1DLnBuZ_EAIGltDQANuBkuNTQ6DS82OLoXTp8yNzk2ODgzNDcVCSkE7gAA-xoP7QAoCCMVDy0IQ48wODI0OTkxNBUPKQPtACBzdIkcImQtKBAganDVAQMiDg_iAQYO7AcQNhINBewHD_UAQ481OTMzMjk5NBwPCA_QAhYA4gEP0QIpHzngEU5AMjA5MTcaD_8KKgPkARBT7wAvSEnTAiY_NzA3rgRNnzE5NTM3Nzc0MgALCA_eARwvVFnxACcPxg1PnzIyNTg2Mzc4MM8CCPADem4zYXFiaW5xZnB0bXJxNXctAwHxEWZlZWRiYWNrLnNpdGVpbnRlcmNlcHQucXVhbHRyaWNzDRLyA1NJRS8_UV9aSUQ9Wk5fM2FxQkcAVk1ScTV3xQUPtgYHLjgxCA0QOWAcD-YDS681MjYyMTQzNTU3AhMHD_gACXRXUlNpdGVJFgHxAUVuZ2luZS9UYXJnZXRpbmeRH1BRX1pvbgMfDhoB9QcmUV9DTElFTlRWRVJTSU9OPTIuNC4wFgCGVFlQRT13ZWJBAR94ih0CPTkwMC0PAhQABT4BDwURPp8yNjE5Njc2MjaKHQgPOgH_RPAZZHhqc21vZHVsZS8xMi4wMDU5M2UwNzBhNmYxNTYyYThiNC5jaHVua1IbD2ACE68mUV9CUkFORElEQg0ABn0CD74DBy85NIACDQ-tETyPOTA2NzYxNDe3AyQPQwGCDQEFC8MDD-cIQ8A5MDY3NjE0Nzh9XX0
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
3.124.173.63 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-124-173-63.eu-central-1.compute.amazonaws.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="124", "Not:A-Brand";v="8", "Chromium";v="124"
Referer
https://citicards.citi.com/
Accept-Language
de-DE,de;q=0.9;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 18 Apr 2024 05:03:20 GMT
cache-control
no-cache, no-store
server
nginx
expires
Thu, 18 Apr 2024 05:03:19 GMT

Verdicts & Comments Add Verdict or Comment

27 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

string| CitiCookiePref function| TrackPixel object| opsVars object| ensBootstraps object| Bootstrapper string| enslang object| privacy_cc object| ensClientConfig boolean| ensBrowserSupported object| gateway object| webpackJsonp function| setImmediate function| clearImmediate object| regeneratorRuntime string| axel number| a function| fbq function| _fbq object| gtagDataLayer function| gtag object| citiData object| google_tag_manager object| google_tag_data string| szPixSrcURL object| QSI object| WAFQualtricsWebpackJsonP-cloud-2.4.0 object| _qsie

12 Cookies

Domain/Path Name / Value
citicards.citi.com/ Name: CitiBTSES
Value: SID=0294AE3A2A6E4589945C2C8CABE2D861
.citi.com/ Name: CITI_privacy_cc_SYNC
Value: 0%7C7b2dd5d907c03fc3820a8d1b46be91f29d786edc06251281edac40b8cb7437ab
.citi.com/ Name: CITI_ENSIGHTEN_PRIVACY_BANNER_LOADED
Value: 1
citicards.citi.com/ Name: 7830
Value: error
.doubleclick.net/ Name: receive-cookie-deprecation
Value: 1
.citi.com/ Name: _gcl_au
Value: 1.1.614206525.1713416598
.doubleclick.net/ Name: ar_debug
Value: 1
.doubleclick.net/ Name: IDE
Value: AHWqTUkV9wRLmU2cImTLlXeTSWnhMn7NFZ2GZJ9VqsvZ6FAk5f4Jf0vyN-CWJxlP
.citi.com/ Name: _fbp
Value: fb.1.1713416598586.1449299836
.citi.bridgetrack.com/ Name: CitiBT%5F126
Value: GUID=551B4EDBFB00468C936C6CF5B904935F
.citi.bridgetrack.com/ Name: CitiBT
Value: GUID=551B4EDBFB00468C936C6CF5B904935F
.citi.bridgetrack.com/ Name: CitiBTSES
Value: SID=41C36001E07042279D099D501FEA656D

11 Console Messages

Source Level URL
Text
other warning URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js(Line 195)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other warning URL: https://nexus.ensighten.com/citi/na_fsn_prod/Bootstrap.js(Line 196)
Message:
The AudioContext was not allowed to start. It must be resumed (or created) after a user gesture on the page. https://goo.gl/7K7WLu
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/1781982108516082?v=2.9.154&r=stable&domain=citicards.citi.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 82)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://citicards.citi.com/crs/searscard/home.htm?BT_TX=1&ProspectID=86C11ED05D7A4EC4A80C72D2781687FD
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors https://*.citi.com https://*.bridgetrack.com; report-uri https://csp-reporter-ui3464xpjq-uc.a.run.app/api/csp-report/?env=prod
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

6397054.fls.doubleclick.net
cdn.digitalmarketing.citibankonline.com
citi.bridgetrack.com
citicards.citi.com
cloud.typography.com
connect.facebook.net
data.privacy.ensighten.com
nexus.ensighten.com
searscard.com
sec-citi.bridgetrack.com
siteintercept.qualtrics.com
tagmanager1.citi.com
www.facebook.com
www.googletagmanager.com
zn3aqbinqfptmrq5w-citifeedback.siteintercept.qualtrics.com
104.17.209.240
108.138.26.5
142.250.185.198
192.193.219.66
23.201.248.34
2600:9000:2491:5800:2:8f43:5780:93a1
2a00:1450:4001:813::2008
2a03:2880:f083:100:face:b00c:0:3
2a03:2880:f176:181:face:b00c:0:25de
3.124.173.63
34.107.138.236
35.190.22.40
025c8e86b593c3cda586cd916757e6ade0ed48d58d11809f0336c9256e565f6d
04e86fcf247e2d9809596331db17a2a0d3efe9c9bf1d8d9babd04645286ee68c
04e91b429a89ee4b7f805692047405f1f1b7b2d62b806810b15e5efe610edb02
06a71477117b9dc54f829150b74fe54814be95714f2bfb97613beade94fa0155
1093953df3a199c19b12e687ae5764d08b219e8564a8391b1db31cd8d05000be
127030d7070fb45aac3ae4c5cae35e40195b1a4d8c3ba732d695f926a68ed159
1688b43815570851784814c451a4d36cf8f31da1c2cd2b6bf348dfd2aa7fc7e3
19d1c531eb28e6874db28743d5b045632c45a745ab42e7d75ec21349d6816ded
21e26da44ece6dd7e34dea386e0a00a775bc16223bf0b9b8b9b9fda57f5f3245
3200c24a4f1e45e7940c22d98e4e997f7f01793738e6eff51d5f27f7c5c931f7
3678c9e8b08abd743264e34dfa10643cd76b677e72adcf07df80d387e79422ea
377150c74bd48ee0098ffb395542b657f6e9eafbd71c63d9fc19ff012fbcd526
39a56d4070fe6db54078e4b414c2cf1b24f946c115d23b50bde8d03f4ceebc6f
3ceb6abdaf923b247b264301b13f3c177e976add13d557a07c6edd4d680cbf6e
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
454c455c7827f2aa934809c0e17855dcbddc22e695ce490f334e6d194a043b24
5c245166865b5b67951c894820c62914d5ab38ae5a15fe0d153d039ca2c712f8
63b98a0c8568c08fd01a6946a147bca65eff26c8085f1ccb5330aafe0f0dcd15
75544ef69f4505695c3730186f8d10e99c782b1d65c53d10042c6079a7a64f5a
757ca718f8b15c647ae0cf80d575d88f57d6742ef9c83550557104d5a9ed1edc
773476fc4041f913eb57d338efa749e0c2b63828f086c83da65c3d3aeb51fa73
85f407912384186334577f65bf6bb88045bd96f5222d7c696cc71303d65c826a
8e450dd11643397584755a14b0849ac0870b163b97ba8438810b4ae0c129145f
92519f46c59dcb7eccdf8f728d0b343913039ea248e025748acb7a4d22996046
92fec5a1cbeb8d2da5cd4b07228a5bfacfc91f44358f0656c5b826d279e9f3cc
98385b653a896d567b921203f83141cff048cd35a7c8278edbdaaf33f9afb42c
ae4b18ebaf8aa940f51c537f1c63daa29a6586dcd8ec33ae927fd3c64849e34c
b66e62306d1b6f738c7095c9577957ff21f80d62ed611768eee45d1cf833512c
b8ea714ec80bddb6f87aac6f0cb6ef82460a83a02f5852386de335af54e3aa05
cd1a0f83657d048ed6c7656440860ec772ce1a56277c3f51a0d719aa95f93c8d
d0d937b32b0a1fa6bbdcc5389f695a36147c1b3ba869ecc507b765adf0300393
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5ebfd5e743dbba913639c01e59057c7588937b878537cd851235fed0b621582
edf7faede0cca7c11de00a582f629b1562cee004000f0db71c98b79e172049ed
f11ea944f935eaf7b38e1e6a064214c4d137f305bc49a11d46ab95a4807bba16
f7b78ab3994d3f6de37b359cc3d243d44caca23578c342b6f3966dda1cb9fd70
fa1c6b3cec940b20a70ea65995f9b194f65a17fa30c4fbfcdf718ac3e4a70a16