urlscan.io logo urlscan.io
SecurityTrails logo

www.firstexchange.com Open in urlscan Pro
20.64.137.138  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://b8dcsquab.cc.rs6.net/tn.jsp?f=001nfiMwkwfaDZxnIl4r8oPS_9cct4WOXiKInBCaKAxgb0M1eusqZ-FGoAhXNSLNyyK3uyP0Pzj0k0xyJ6spXZB...
Effective URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Submission: On October 16 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 24 IPs in 4 countries across 24 domains to perform 53 HTTP transactions. The main IP is 20.64.137.138, located in United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.firstexchange.com.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on March 18th 2024. Valid for: a year.
This is the only time www.firstexchange.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 208.75.122.11 40444 (ASN-CC)
14 20.64.137.138 8075 (MICROSOFT...)
3 2a00:1450:400... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 2620:1ec:33::10 8075 (MICROSOFT...)
2 157.240.252.13 32934 (FACEBOOK)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:9000:267... 16509 (AMAZON-02)
2 2001:4860:480... 15169 (GOOGLE)
2 2a00:1450:400... 15169 (GOOGLE)
2 142.250.186.35 15169 (GOOGLE)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2606:4700:440... 13335 (CLOUDFLAR...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 2606:4700::68... 13335 (CLOUDFLAR...)
2 2a03:2880:f17... 32934 (FACEBOOK)
3 3.127.196.46 16509 (AMAZON-02)
3 216.58.206.72 15169 (GOOGLE)
2 2620:1ec:29:1... 8075 (MICROSOFT...)
1 41.63.96.2 22822 (LLNW)
1 2620:1ec:c11:... 8068 (MICROSOFT...)
1 2606:4700::68... 13335 (CLOUDFLAR...)
2 51.8.64.151 8075 (MICROSOFT...)
1 98.98.135.24 21859 (ZEN-ECN)
1 2606:4700::68... 13335 (CLOUDFLAR...)
53 24
1    208.75.122.11 (United States)

ASN40444 (ASN-CC, US)
PTR: rs6.net
b8dcsquab.cc.rs6.net
14    20.64.137.138 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.firstexchange.com
3    2a00:1450:4001:81d::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
2    2a00:1450:4001:828::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2620:1ec:33::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
2    157.240.252.13 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-fra3.fbcdn.net
connect.facebook.net
1    2606:4700::6810:8cd1 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-scripts.com
1    2600:9000:2670:e000:7:d7d6:3c40:93a1 (United States)

ASN16509 (AMAZON-02, US)
tag.clearbitscripts.com
2    2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
2    2a00:1450:400c:c1d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
2    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
www.google.de
1    2606:4700::6811:df98 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hsadspixel.net
1    2606:4700:4400::6812:28f0 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-banner.com
1    2606:4700::6811:afc9 (United States)

ASN13335 (CLOUDFLARENET, US)
js.hs-analytics.net
2    2606:4700::6810:6bfe (United States)

ASN13335 (CLOUDFLARENET, US)
js.hscollectedforms.net
forms.hscollectedforms.net
2    2a03:2880:f177:83:face:b00c:0:25de (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
www.facebook.com
3    3.127.196.46 (Frankfurt am Main, Germany)

ASN16509 (AMAZON-02, US)
PTR: ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
x.clearbitjs.com
app.clearbit.com
3    216.58.206.72 (United States)

ASN15169 (GOOGLE, US)
PTR: mil07s08-in-f8.1e100.net
www.googletagmanager.com
2    2620:1ec:29:1::64 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    41.63.96.2 (Frankfurt am Main, Germany)

ASN22822 (LLNW, US)
PTR: https-41-63-96-2.hhn.llnw.net
cdn01.basis.net
1    2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.net
1    2606:4700::6812:f06c (United States)

ASN13335 (CLOUDFLARENET, US)
api.hubapi.com
2    51.8.64.151 (Washington, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
h.clarity.ms
1    98.98.135.24 (Riyadh, Saudi Arabia)

ASN21859 (ZEN-ECN, US)
pixel.sitescout.com
1    2606:4700::6810:7574 (United States)

ASN13335 (CLOUDFLARENET, US)
track.hubspot.com
Apex Domain
Subdomains		 Transfer
14 firstexchange.com
www.firstexchange.com
342 KB
6 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
523 KB
4 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 634
h.clarity.ms — Cisco Umbrella Rank: 13189
29 KB
2 clearbitjs.com
x.clearbitjs.com — Cisco Umbrella Rank: 16255
45 KB
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 113
3 KB
2 hscollectedforms.net
js.hscollectedforms.net — Cisco Umbrella Rank: 4567
forms.hscollectedforms.net — Cisco Umbrella Rank: 4719
25 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 11271
126 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
615 B
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 4401
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 180
73 KB
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 348
16 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 34
22 KB
1 hubspot.com
track.hubspot.com — Cisco Umbrella Rank: 2324
1 KB
1 sitescout.com
pixel.sitescout.com — Cisco Umbrella Rank: 5868
259 B
1 clearbit.com
app.clearbit.com — Cisco Umbrella Rank: 16819
1 KB
1 hubapi.com
api.hubapi.com — Cisco Umbrella Rank: 3483
810 B
1 bing.net
bat.bing.net — Cisco Umbrella Rank: 20475
344 B
1 basis.net
cdn01.basis.net — Cisco Umbrella Rank: 6433
2 KB
1 hs-analytics.net
js.hs-analytics.net — Cisco Umbrella Rank: 2191
25 KB
1 hs-banner.com
js.hs-banner.com — Cisco Umbrella Rank: 2172
26 KB
1 hsadspixel.net
js.hsadspixel.net — Cisco Umbrella Rank: 3176
4 KB
1 clearbitscripts.com
tag.clearbitscripts.com — Cisco Umbrella Rank: 13413
5 KB
1 hs-scripts.com
js.hs-scripts.com — Cisco Umbrella Rank: 2500
888 B
1 rs6.net
b8dcsquab.cc.rs6.net
403 B
53 24
Domain Requested by
14 www.firstexchange.com www.firstexchange.com
6 www.googletagmanager.com www.firstexchange.com
www.googletagmanager.com
www.google-analytics.com
js.hsadspixel.net
2 h.clarity.ms www.clarity.ms
2 www.clarity.ms bat.bing.com
www.clarity.ms
2 x.clearbitjs.com tag.clearbitscripts.com
2 www.facebook.com www.firstexchange.com
2 www.google.de www.firstexchange.com
2 stats.g.doubleclick.net www.googletagmanager.com
2 region1.analytics.google.com www.googletagmanager.com
2 connect.facebook.net www.firstexchange.com
connect.facebook.net
2 bat.bing.com www.googletagmanager.com
bat.bing.com
2 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
1 track.hubspot.com
1 pixel.sitescout.com www.firstexchange.com
1 app.clearbit.com x.clearbitjs.com
1 api.hubapi.com js.hsadspixel.net
1 forms.hscollectedforms.net js.hscollectedforms.net
1 bat.bing.net www.firstexchange.com
1 cdn01.basis.net www.googletagmanager.com
1 js.hscollectedforms.net js.hs-scripts.com
1 js.hs-analytics.net js.hs-scripts.com
1 js.hs-banner.com js.hs-scripts.com
1 js.hsadspixel.net js.hs-scripts.com
1 tag.clearbitscripts.com www.googletagmanager.com
1 js.hs-scripts.com www.googletagmanager.com
1 b8dcsquab.cc.rs6.net 1 redirects
53 26

This site contains links to these domains. Also see Links.

Domain
www.irs.gov
www.firstam.com
www.facebook.com
www.linkedin.com
twitter.com
investeagle.com
Subject Issuer Validity Valid
www.firstexchange.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-03-18 -
2025-04-08		 a year crt.sh
*.google-analytics.com
WR2		 2024-09-30 -
2024-12-23		 3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-09-16 -
2025-03-15		 6 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-07-25 -
2024-10-23		 3 months crt.sh
hs-scripts.com
WE1		 2024-09-26 -
2024-12-25		 3 months crt.sh
clearbitscripts.com
Amazon RSA 2048 M03		 2024-05-11 -
2025-06-08		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
*.google.de
WR2		 2024-09-30 -
2024-12-23		 3 months crt.sh
hsadspixel.net
WE1		 2024-10-10 -
2025-01-08		 3 months crt.sh
hs-banner.com
WE1		 2024-09-24 -
2024-12-23		 3 months crt.sh
hs-analytics.net
WE1		 2024-10-07 -
2025-01-05		 3 months crt.sh
hscollectedforms.net
WE1		 2024-09-22 -
2024-12-21		 3 months crt.sh
clearbitjs.com
Amazon RSA 2048 M02		 2024-02-15 -
2025-03-16		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2024-09-04 -
2025-09-04		 a year crt.sh
cdn01.basis.net
GeoTrust TLS RSA CA G1		 2024-05-06 -
2025-06-06		 a year crt.sh
bat.bing.net
Microsoft Azure RSA TLS Issuing CA 03		 2024-07-30 -
2025-01-26		 6 months crt.sh
hubapi.com
WE1		 2024-09-09 -
2024-12-08		 3 months crt.sh
clearbit.com
Amazon RSA 2048 M03		 2024-02-15 -
2025-03-16		 a year crt.sh
a.clarity.ms
Microsoft Azure RSA TLS Issuing CA 08		 2024-06-23 -
2025-06-18		 a year crt.sh
*.sitescout.com
GeoTrust TLS RSA CA G1		 2024-01-15 -
2025-02-01		 a year crt.sh
hubspot.com
WE1		 2024-10-03 -
2025-01-01		 3 months crt.sh

This page contains 2 frames:

Primary Page: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Frame ID: B08666A4AFA305593F8F6003478E65A2
Requests: 52 HTTP requests in this frame

Frame: https://www.googletagmanager.com/ns.html?id=GTM-52NMHWQ
Frame ID: A2F697688C752DC401D35E2BCB663D71
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Tax Relief for Disaster Victims Across the United States and its Territories

Page URL History Show full URLs

  1. https://b8dcsquab.cc.rs6.net/tn.jsp?f=001nfiMwkwfaDZxnIl4r8oPS_9cct4WOXiKInBCaKAxgb0M1eusqZ-FGoAhXNSLNyyK... HTTP 302
    https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • /_nuxt/
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • js\.hs-analytics\.net/analytics

Page Statistics

53
Requests

100 %
HTTPS

64 %
IPv6

24
Domains

26
Subdomains

24
IPs

4
Countries

1144 kB
Transfer

3465 kB
Size

17
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://b8dcsquab.cc.rs6.net/tn.jsp?f=001nfiMwkwfaDZxnIl4r8oPS_9cct4WOXiKInBCaKAxgb0M1eusqZ-FGoAhXNSLNyyK3uyP0Pzj0k0xyJ6spXZB6sZJ4vVi6E50WVMSBgLFqYCLf0oDjsXv2b6RfM8q8qbk79yxMKuSiRCYmJH3DM9h6RQki6OfLSwxJ2OdVnk_fN13RRla45pGlEvL54-oEOL9_E0dEjMyvjYF0UA4zvDqnJaHWNsi-8EjWSH3EY5BbeY=&c=plyB3H9lnmAwahwn_IeYstfHf9DpiprJshWYPBSSptpQt8quj_Qkjg==&ch=dzrAUd7lle3lFU-gaMDbxRbcyfK8fDIEupuDsDISYxcTrZhOHWeuTQ== HTTP 302
    https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

53 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
www.firstexchange.com/
Redirect Chain
  • https://b8dcsquab.cc.rs6.net/tn.jsp?f=001nfiMwkwfaDZxnIl4r8oPS_9cct4WOXiKInBCaKAxgb0M1eusqZ-FGoAhXNSLNyyK3uyP0Pzj0k0xyJ6spXZB6sZJ4vVi6E50WVMSBgLFqYCLf0oDjsXv2b6RfM8q8qbk79yxMKuSiRCYmJH3DM9h6RQki6Of...
  • https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
84 KB
18 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
56ad124b6a7708ea722972b539ced4b20aed4c83bb818b587198bf6eebbea333
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.licdn.com https://connect.facebook.net/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://*.googleadservices.com https://googleads.g.doubleclick.net http://static.ctctcdn.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn01.basis.net https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://tag.clearbitscripts.com https://*.clearbitjs.com https://*.bing.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://static.ctctcdn.com https://static.ctctcdn.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://google.com https://*.googleadservices.com https://dc.services.visualstudio.com https://*.ctctcdn.com https://*.constantcontact.com https://cdn.linkedin.oribi.io https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.clearbit.com https://*.bing.com https://*.clarity.ms; frame-src 'self' https://pixel.sitescout.com https://www.youtube.com https://*.google.com https://*.googletagmanager.com https://td.doubleclick.net; img-src * data:; script-src 'sha256-WS1gofTxnEZrBcDfn0V15DakYc+D1XvnYU9YaTtbeIs=' 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

Accept-Ranges
none
Connection
keep-alive
Content-Encoding
gzip
Content-Security-Policy
default-src 'self'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.licdn.com https://connect.facebook.net/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://*.googleadservices.com https://googleads.g.doubleclick.net http://static.ctctcdn.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn01.basis.net https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://tag.clearbitscripts.com https://*.clearbitjs.com https://*.bing.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://static.ctctcdn.com https://static.ctctcdn.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://google.com https://*.googleadservices.com https://dc.services.visualstudio.com https://*.ctctcdn.com https://*.constantcontact.com https://cdn.linkedin.oribi.io https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.clearbit.com https://*.bing.com https://*.clarity.ms; frame-src 'self' https://pixel.sitescout.com https://www.youtube.com https://*.google.com https://*.googletagmanager.com https://td.doubleclick.net; img-src * data:; script-src 'sha256-WS1gofTxnEZrBcDfn0V15DakYc+D1XvnYU9YaTtbeIs=' 'self'
Content-Type
text/html; charset=utf-8
Date
Wed, 16 Oct 2024 17:50:20 GMT
ETag
"14f84-yuBmr2dwzcZL/MuzE4+BleT4yRo"
Expect-CT
max-age=0
Referrer-Policy
no-referrer strict-origin
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Content-Type-Options
nosniff
X-Download-Options
noopen
X-Frame-Options
SAMEORIGIN
X-Permitted-Cross-Domain-Policies
none
x-ms-middleware-request-id
56884add-678c-43c4-b72b-627a8fad7cea

Redirect headers

Cache-Control
private, no-cache, no-store, max-age=0, must-revalidate, no-cache="Set-Cookie"
Connection
close
Content-Length
0
Content-Type
text/html;charset=ISO-8859-1
Date
Wed, 16 Oct 2024 17:50:19 GMT
Location
https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
P3P
CP="CAO DSP TAIa OUR NOR UNI"
Pragma
no-cache
Server
Apache
92c2fcc.js
www.firstexchange.com/_nuxt/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/92c2fcc.js
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
20ccd030ef2dbd52d787d19bf887e01ec9010a71b4b6a3873322e1d8f7785844
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"fe8-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
2f76f30a-9646-4fba-8693-5d714ed06eef
Date
Wed, 16 Oct 2024 17:50:20 GMT
Content-Type
application/javascript; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
4267bf5.js
www.firstexchange.com/_nuxt/ 		251 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/4267bf5.js
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
ebe16325bbf799f721fed43f5fdc642556ec51fab76437a4adaa1b6ac533a18c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"3ec8f-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
818111df-5986-498c-8f01-0e8c8c5657a4
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
application/javascript; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
92219ba.js
www.firstexchange.com/_nuxt/ 		285 KB
87 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/92219ba.js
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
03443358e8219c9ac8c5bf9458ea68d66c63bf6f5a639888ee94353508e5a6c9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"47414-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
cb3586a7-48c0-4e49-9fae-bdbb8d44ad92
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
application/javascript; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
ac055d3.css
www.firstexchange.com/_nuxt/css/ 		154 KB
26 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/css/ac055d3.css
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e414ddced86de7dd644ecc30283810262f8663b40508b41b27bfbcb86ecaff67
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"268d4-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
382fd745-01ab-411a-8fe0-8f0e5bbfdee2
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
text/css; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
f797bda.js
www.firstexchange.com/_nuxt/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/f797bda.js
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
4bb3b3a23fe2d0f3f42a5f08df071f558dccad57d0284c4c0729abe1373eafa9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"1227e-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
a9755f32-a316-41b0-917f-39e137f81281
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
application/javascript; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
03d512c.css
www.firstexchange.com/_nuxt/css/ 		6 KB
2 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/css/03d512c.css
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b2c70b87db25302b7a82893cbf300602e513c3e9acef1d9fce38a79b9a2b3a72
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"18ba-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
eb519d73-dd76-4c4b-aea0-3796e172810c
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
text/css; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
c23799f.js
www.firstexchange.com/_nuxt/ 		18 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/c23799f.js
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
041e7910e54a2c14ad6002c661d58266ff8998f2b3e8b82401f70f1832f3dfd9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"494f-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
914061be-7a20-4353-825d-0be1377cc603
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
application/javascript; charset=UTF-8
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
gtm.js
www.googletagmanager.com/ 		370 KB
120 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
c0bc00b9b644acc17816d17d13a194be8fd9eeec52a50debecaa413d260ef3ea
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Wed, 16 Oct 2024 17:50:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 16 Oct 2024 17:01:57 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
121768
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		349 KB
112 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-74LTHJ3JMC&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e29472d5dbe8590336f976bfab2ba81b4fcb6aef36c21189394fe89273c5bb99
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 16 Oct 2024 17:50:20 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:20 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
113876
x-xss-protection
0
server
Google Tag Manager
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
gzip
age
1446
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Wed, 16 Oct 2024 19:26:15 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:26:15 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
bat.js
bat.bing.com/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
c3be590171c0375d497714a608a5c4cd4e90e124e1c0cff1807cd8adb156e64b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"01973e1111cdb1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: F4CA09D0C3A144C4A4B3058BB7A813D2 Ref B: FRA31EDGE0210 Ref C: 2024-10-16T17:50:21Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14538
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript
last-modified
Fri, 11 Oct 2024 19:15:06 GMT
vary
Accept-Encoding
fbevents.js
connect.facebook.net/en_US/ 		227 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
5bbd9766838bf11e3ff360ec5cbb60d6ada352fbad7f7691e24f847313b9b1d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 16 Oct 2024 17:50:20 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=34, rtx=0, c=23, mss=1232, tbw=4441, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
KsVs5k9skmEcpSTmar2SLnuXCMhJNzQS7cp2EA6Vxs1tf56ehdiKP0ZLqxMFUsP5AD5/3XQCrUhM1tQmY/wBaA==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
59352
x-xss-protection
0
origin-agent-cluster
?1
39536781.js
js.hs-scripts.com/ 		2 KB
888 B 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-scripts.com/39536781.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:8cd1 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ae5677f0555d0b86ea9ff2828aeabf37d6f4f255cf574a07bb1e5c94452a0e3
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

access-control-max-age
3600
content-encoding
br
cf-bgj
minify
cf-cache-status
HIT
age
4
x-content-type-options
nosniff
expires
Wed, 16 Oct 2024 17:51:51 GMT
cf-polished
origSize=2048
date
Wed, 16 Oct 2024 17:50:21 GMT
x-hubspot-correlation-id
3f8ae8c1-9a05-4ca4-8af9-6b75da1ee7fb
content-type
application/javascript;charset=utf-8
last-modified
Wed, 16 Oct 2024 17:50:17 GMT
vary
origin, Accept-Encoding
cache-control
public, max-age=90
access-control-allow-credentials
true
cf-ray
8d39e4054e34d289-FRA
access-control-allow-origin
https://www.firstexchange.com
server
cloudflare
tags.js
tag.clearbitscripts.com/v1/pk_fabe46ff2e6726587acf039a6f45a24a/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://tag.clearbitscripts.com/v1/pk_fabe46ff2e6726587acf039a6f45a24a/tags.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:2670:e000:7:d7d6:3c40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
Clearbit /
Resource Hash
1fc3e62af282b8c3b57763aa86a290505792c04a0da1c662c531118044feefce
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
private, max-age=600
content-encoding
gzip
etag
W/"d0ac9992821e4662f04ab610e5e8ae0b"
x-envoy-response-flags
-
x-content-type-options
nosniff
via
1.1 90b31bff657d66dd87e437e4a49bf7a6.cloudfront.net (CloudFront)
x-cache
Miss from cloudfront
x-amz-cf-id
KvvTBSTCL7S3xfKdFDc09GcbbGtO2TaZoOmkIkpazJVZ-lU_Ks9iCg==
date
Wed, 16 Oct 2024 17:50:20 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
server
Clearbit
x-amz-cf-pop
FRA56-P9
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-74LTHJ3JMC&gtm=45je4ae0v894600639z8830851354za200zb830851354&_p=1729101020700&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101823847&cid=1349101208.1729101021&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1729101021&sct=1&seg=0&dl=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&dt=Tax%20Relief%20for%20Disaster%20Victims%20Across%20the%20United%20States%20and%20its%20Territories&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1554
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-74LTHJ3JMC&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.firstexchange.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
558 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-74LTHJ3JMC&cid=1349101208.1729101021&gtm=45je4ae0v894600639z8830851354za200zb830851354&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101533422~101686685~101823847
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-74LTHJ3JMC&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.firstexchange.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-74LTHJ3JMC&cid=1349101208.1729101021&gtm=45je4ae0v894600639z8830851354za200zb830851354&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101533422~101686685~101823847&tag_exp=101533422~101686685~101823847&z=199220746
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 16 Oct 2024 17:50:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
546377766522993
connect.facebook.net/signals/config/ 		74 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/546377766522993?v=2.9.171&r=stable&domain=www.firstexchange.com&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C28%2C82%2C87%2C47%2C46%2C86%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.252.13 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-01-fra3.fbcdn.net
Software
/
Resource Hash
45b30fa278c84f9f3dcf81f770be098fc8417a6021358d49470ed5c8af9f6376
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'unsafe-inline' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=22, rtx=0, c=74, mss=1232, tbw=67733, tp=65, tpl=0, uplat=1, ullat=-1
pragma
public
x-fb-debug
C1O0BlQhHzH9dqvz0KAe8iv/XlftjWWC8uSY9a8osRE8m2uHOjvIrwwVJfOGyTx1wgfx7vqyW2k4Cb+1DKeGHw==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
14849
x-xss-protection
0
origin-agent-cluster
?1
logo.56338cf.svg
www.firstexchange.com/_nuxt/img/ 		77 KB
31 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.firstexchange.com/_nuxt/img/logo.56338cf.svg
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/_nuxt/css/ac055d3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
077e232602c986afa164b21fddb424dc8cb085bcb4cb4b649c48aa7d93d33330
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"13525-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
ea3ee311-1a98-4ccd-a518-6d9a991ddf50
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
image/svg+xml
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
icon-search.585bc97.svg
www.firstexchange.com/_nuxt/img/ 		604 B
998 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.firstexchange.com/_nuxt/img/icon-search.585bc97.svg
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/_nuxt/css/ac055d3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e91e4de585374ccf372762b1e0de092e633c6d38dbdd33c47c32149874639c07
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Content-Encoding
gzip
ETag
W/"25c-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
a9496e0b-85f7-4fa0-86fc-a402e7de72b9
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
image/svg+xml
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
Vary
Accept-Encoding
X-Frame-Options
SAMEORIGIN
Transfer-Encoding
chunked
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
avenirlt-roman.1aa1750.woff
www.firstexchange.com/_nuxt/fonts/ 		29 KB
30 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/fonts/avenirlt-roman.1aa1750.woff
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/_nuxt/css/ac055d3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
54408e6341c4e942aae6595c2ea1151d31903ebd8daa2691182df6bdfc9417ae
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.firstexchange.com
Referer
https://www.firstexchange.com/

Response headers

ETag
W/"73c8-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
779f6f46-d128-4c7c-9a76-061549be258b
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
font/woff
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
Content-Length
29640
avenirlt-black.8bcc74f.woff
www.firstexchange.com/_nuxt/fonts/ 		27 KB
28 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/fonts/avenirlt-black.8bcc74f.woff
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/_nuxt/css/ac055d3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
d283582ecd0a07e96c8ecf32123398b9e1c558bfb83cc25254027ec23192b973
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.firstexchange.com
Referer
https://www.firstexchange.com/

Response headers

ETag
W/"6d0d-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
0a88979f-f706-439b-944a-987539a7f2b6
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
font/woff
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
Content-Length
27917
icons.37c8890.woff
www.firstexchange.com/_nuxt/fonts/ 		1 KB
2 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/_nuxt/fonts/icons.37c8890.woff
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/_nuxt/css/ac055d3.css
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
edd6259fec3c54b181020b2d8fdd350497f5af595fb85ad3325970cedcfe17d0
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.firstexchange.com
Referer
https://www.firstexchange.com/

Response headers

ETag
W/"5fc-192563922b0"
Expect-CT
max-age=0
X-Permitted-Cross-Domain-Policies
none
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
75e0f711-4718-4860-92dc-8f0a848b13fe
Date
Wed, 16 Oct 2024 17:50:21 GMT
Content-Type
font/woff
Last-Modified
Fri, 04 Oct 2024 06:30:38 GMT
X-Frame-Options
SAMEORIGIN
Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Cache-Control
public, max-age=31536000
Connection
keep-alive
Referrer-Policy
no-referrer, strict-origin
X-Download-Options
noopen
Accept-Ranges
bytes
Content-Length
1532
collect
www.google-analytics.com/j/ 		15 B
438 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=139843857&t=pageview&_s=1&dl=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&ul=de-de&de=UTF-8&dt=Tax%20Relief%20for%20Disaster%20Victims%20Across%20the%20United%20States%20and%20its%20Territories&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=409659997&gjid=956718930&cid=1349101208.1729101021&tid=UA-4657217-40&_gid=886840614.1729101021&_r=1&_slc=1&gtm=45He4ae0n8152NMHWQv830851354za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685&npa=1&z=1431780699
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:828::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
abce2e05af4c452d8bc3f0eb0d9080370c0ca782994032dc0c7845a4141705c1
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.firstexchange.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.firstexchange.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
fb.js
js.hsadspixel.net/ 		6 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hsadspixel.net/fb.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39536781.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:df98 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b493c544bb5bec000c3f54dc15d00c2344d05c4d3ad92b6c42f40c3af22d1561
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

x-evy-trace-virtual-host
all
x-request-id
b8b2cb63-52e8-416c-a45b-feb86d6b8654
content-encoding
gzip
cf-cache-status
HIT
etag
W/"1d2536215ee0d9bcf9e0a73018581e8c"
x-amz-version-id
95HNFbhZXesh1fHXnZ0_WHJ1acBDr1g5
age
462
cache-tag
staticjsapp-AdsScriptLoaderCloudflare-web-prod,staticjsapp-prod
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-hs-cache-status
MISS
x-amz-cf-id
XsTQcqvuIUrWm662XLJaxHRPOw6ReeRdCXLNC1aRvdjSIJONewCTDw==
date
Wed, 16 Oct 2024 17:50:21 GMT
x-hubspot-correlation-id
b8b2cb63-52e8-416c-a45b-feb86d6b8654
content-type
application/javascript; charset=utf-8
last-modified
Mon, 14 Oct 2024 14:17:24 UTC
vary
Accept-Encoding
x-evy-trace-listener
listener_https
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=600
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7df4f6b649-krlhh
x-envoy-upstream-service-time
19
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=adsscriptloaderstatic/static-1.604/bundles/pixels-release.js&cfRay=8d39d8bded4ddcb6-FRA
via
1.1 a4f9ca051b97c1ac09e2af244690d376.cloudfront.net (CloudFront)
cf-ray
8d39e4069cdcd2f6-FRA
x-evy-trace-route-configuration
listener_https/all
x-hs-target-asset
adsscriptloaderstatic/static-1.604/bundles/pixels-release.js
x-amz-cf-pop
IAD12-P3
server
cloudflare
x-amz-server-side-encryption
AES256
banner.js
js.hs-banner.com/v2/39536781/ 		71 KB
26 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-banner.com/v2/39536781/banner.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39536781.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:4400::6812:28f0 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3c656c1d288a32b066f90eead7409ceabb070b4af5addfdb0fb48eef3e0abf30

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

x-evy-trace-virtual-host
all
access-control-max-age
604800
x-request-id
8bfc800b-2e4d-459c-b896-37c25632b8ed
access-control-expose-headers
x-last-modified-timestamp, X-HubSpot-NotFound, X-HS-User-Request, Link, Server-Timing
content-encoding
gzip
cf-cache-status
HIT
etag
W/"30414a54ef0837267d469a87b2b9a74e"
x-amz-version-id
aD3OfPmhOSXd5N_uWBd06ny7W7H68GGN
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
expires
Wed, 16 Oct 2024 17:53:35 GMT
x-evy-trace-listener
listener_https
date
Wed, 16 Oct 2024 17:50:21 GMT
x-hubspot-correlation-id
8bfc800b-2e4d-459c-b896-37c25632b8ed
content-type
text/javascript; charset=UTF-8
last-modified
Sat, 25 May 2024 02:35:01 GMT
vary
origin, Accept-Encoding
x-amz-id-2
WOaHPuXPuRAg39GmWL6x3JrXbEWb3iVK+J/xUqxP4J/JDCrnDxRJSwixEm3l1UfQQlIeOnHexG8=
access-control-allow-headers
Origin, X-Requested-With, Content-Type, Accept, Accept-Charset, Accept-Encoding, X-Override-Internal-Permissions, X-Properties-Source, X-Properties-SourceId, X-Properties-Flag, X-Hubspot-User-Id, X-Hubspot-Trace, X-Hubspot-Callee, X-Hubspot-Offset, X-Hubspot-No-Trace, X-HubSpot-Static-App-Info, X-HubSpot-Messages-Uri, X-HubSpot-Request-Source, X-HubSpot-Request-Reason, Subscription-Billing-Auth-Token, X-App-CSRF, X-Tools-CSRF, Online-Payment-Signing-UUID, X-Source, X-SourceId, X-Origin-UserId, X-Biden-Request-Source, X-HubSpot-CSRF-hubspotapi, X-Force-Cookie-Refresh, X-Force-Cookie-Refresh-No-Cache, X-HS-User-Request, X-Application-Id, X-HS-Referer, X-HubSpot-Correlation-Id
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
timing-allow-origin
*
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-75d7846cb8-9hjfm
x-envoy-upstream-service-time
93
access-control-allow-credentials
true
x-amz-request-id
9AZBHJACE1RFW96S
cf-ray
8d39e406aea05d60-FRA
access-control-allow-origin
https://www.firstexchange.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-amz-server-side-encryption
AES256
39536781.js
js.hs-analytics.net/analytics/1729101000000/ 		69 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hs-analytics.net/analytics/1729101000000/39536781.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39536781.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:afc9 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a6c548ef8038addc3321cd2cc39b327997e372145a0b83df498283c77aa3174d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

x-amz-server-side-encryption
AES256
x-request-id
69e402f0-8ad3-4874-bceb-4f1861e71bd1
content-encoding
gzip
cf-cache-status
HIT
etag
W/"ed1b2a5ad4470873211fb301c2140527"
x-amz-version-id
null
age
4
expires
Wed, 16 Oct 2024 17:55:17 GMT
x-evy-trace-listener
listener_https
date
Wed, 16 Oct 2024 17:50:21 GMT
x-hubspot-correlation-id
69e402f0-8ad3-4874-bceb-4f1861e71bd1
content-type
text/javascript
last-modified
Tue, 01 Oct 2024 16:08:54 GMT
vary
origin, Accept-Encoding
x-amz-id-2
xCW7QrN+Cg+qSXKhElA/XeaPxKoet12emOrX7GC+qiXIJ26RYf7tjCLtezITJ4Wr42w6N+MP9ec=
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=300,public
x-evy-trace-served-by-pod
iad02/analytics-js-proxy-td/envoy-proxy-6f96cfd686-pfx9l
x-envoy-upstream-service-time
26
access-control-allow-credentials
false
x-amz-request-id
07W63ZCVM3TRPEFH
cf-ray
8d39e4069848d3a4-FRA
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
collectedforms.js
js.hscollectedforms.net/ 		69 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.hscollectedforms.net/collectedforms.js
Requested by
Host: js.hs-scripts.com
URL: https://js.hs-scripts.com/39536781.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://www.firstexchange.com
Referer
https://www.firstexchange.com/

Response headers

x-request-id
4050c9dc-240c-4abe-8320-3743d7123043
content-encoding
gzip
cf-cache-status
HIT
x-amz-version-id
_vUoUmuymk3IT7Uikz585Nn8PzBEJUsn
etag
W/"216a00fb66fa9b149d5f8b5557f0f563"
age
106
cache-tag
staticjsapp-collected-forms-embed-js-web-prod,staticjsapp-prod
x-content-type-options
nosniff
x-cache
Hit from cloudfront
x-evy-trace-listener
listener_https
x-amz-cf-id
we-CTWK4E9-mrFXbT6T_yI-50kAKkx9xdJWuoa-SZlxAdSnU2uVZ7Q==
x-hubspot-correlation-id
4050c9dc-240c-4abe-8320-3743d7123043
content-type
application/javascript; charset=utf-8
last-modified
Mon, 14 Oct 2024 10:34:35 UTC
x-amz-replication-status
COMPLETED
x-evy-trace-route-service-name
envoyset-translator
cache-control
s-maxage=600, max-age=300
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7df4f6b649-2hwgm
x-envoy-upstream-service-time
8
x-hs-target-asset
collected-forms-embed-js/static-1.885/bundles/project.js
server
cloudflare
x-evy-trace-virtual-host
all
x-amz-server-side-encryption
AES256
access-control-max-age
3000
access-control-allow-methods
GET
x-hs-cache-status
MISS
date
Wed, 16 Oct 2024 17:50:21 GMT
vary
Accept-Encoding,Origin,Access-Control-Request-Headers,Access-Control-Request-Method
content-security-policy-report-only
frame-ancestors 'self'; report-uri https://send.hsbrowserreports.com/csp/report?resource=collected-forms-embed-js/static-1.885/bundles/project.js&cfRay=8d39e1724e79918c-FRA
via
1.1 f01dafb3bec9893b47152910d47900a4.cloudfront.net (CloudFront)
cf-ray
8d39e40699ed1cbf-FRA
access-control-allow-origin
*
x-evy-trace-route-configuration
listener_https/all
x-amz-cf-pop
IAD12-P3
187115442.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/187115442.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a3161ad5112296e360c0bc75a7bc6d1d16abe3b9244ff04ff7078475bf13086f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=60
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 7C8718231C964A269C7F82FC4E231A08 Ref B: FRA31EDGE0210 Ref C: 2024-10-16T17:50:21Z
x-cache
CONFIG_NOCACHE
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=546377766522993&ev=PageView&dl=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&rl=&if=false&ts=1729101021177&sw=1600&sh=1200&v=2.9.171&r=stable&a=tmgoogletagmanager&ec=0&o=12318&fbp=fb.1.1729101021173.337207793709758183&cs_est=true&ler=empty&cdl=API_unavailable&it=1729101021113&coo=false&rqm=GET
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=21, rtx=0, c=10, mss=1297, tbw=2975, tp=-1, tpl=-1, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
text/plain
server
proxygen-bolt
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=546377766522993&ev=PageView&dl=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&rl=&if=false&ts=1729101021177&sw=1600&sh=1200&v=2.9.171&r=stable&a=tmgoogletagmanager&ec=0&o=12318&fbp=fb.1.1729101021173.337207793709758183&cs_est=true&ler=empty&cdl=API_unavailable&it=1729101021113&coo=false&rqm=FGET
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f177:83:face:b00c:0:25de Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7426432337146009673"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
Ez2V1ST44bhG8WcqgbKdWztBDbi4Zp7RTEd/zhf/8CKH8tGkflcxfohL4pIdl4xstYtldQ93eRLPpRnArQpfbA==
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7426432337146009673", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=20, rtx=0, c=14, mss=1297, tbw=3293, tp=-1, tpl=-1, uplat=266, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
destinations.min.js
x.clearbitjs.com/v2/pk_fabe46ff2e6726587acf039a6f45a24a/ 		0
172 B 		Script
General
Check archive.org
Download Go to
Full URL
https://x.clearbitjs.com/v2/pk_fabe46ff2e6726587acf039a6f45a24a/destinations.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_fabe46ff2e6726587acf039a6f45a24a/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
private, max-age=600
x-envoy-response-flags
-
x-content-type-options
nosniff
content-length
0
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript;charset=utf-8
server
Clearbit
tracking.min.js
x.clearbitjs.com/v2/pk_fabe46ff2e6726587acf039a6f45a24a/ 		168 KB
45 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://x.clearbitjs.com/v2/pk_fabe46ff2e6726587acf039a6f45a24a/tracking.min.js
Requested by
Host: tag.clearbitscripts.com
URL: https://tag.clearbitscripts.com/v1/pk_fabe46ff2e6726587acf039a6f45a24a/tags.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
c29b03856f293de4118a192a0bededc6792b7b959ef08a1044985ea68db22c75
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
cache-control
private, max-age=600
content-encoding
gzip
x-envoy-response-flags
-
x-content-type-options
nosniff
date
Wed, 16 Oct 2024 17:50:20 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
server
Clearbit
js
www.googletagmanager.com/gtag/ 		304 KB
102 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-HWDBQR6XH4&cx=c&_slc=1
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil07s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
5be70c2ffb431cf0ee643a3124a200df26213834c436ced176d191464c3100f6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 16 Oct 2024 17:50:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
104440
x-xss-protection
0
server
Google Tag Manager
187115442
www.clarity.ms/tag/uet/ 		744 B
1000 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/187115442?insights=1
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/187115442.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
b3ef196200746b1da8ad691f4042db987b39369004da94b117625baf24fb3aae

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store
request-context
appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
expires
-1
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
744
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/x-javascript
x-azure-ref
20241016T175021Z-1588498f885t225nmnp5k1a6wc0000000ad000000000evkf
up.js
cdn01.basis.net/assets/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn01.basis.net/assets/up.js?um=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
41.63.96.2 Frankfurt am Main, Germany, ASN22822 (LLNW, US),
Reverse DNS
https-41-63-96-2.hhn.llnw.net
Software
AC1.1 /
Resource Hash
64f79d2b82f30e45a0f64e55d407500f68dd1de845dac688084e88cc4bfff4e4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
gzip
age
59041
x-llid
5a36dd6ee6c7faa3feed6e25f555298b
accept-ranges
bytes
content-length
1714
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript
vary
accept-encoding
server
AC1.1
last-modified
Tue, 02 Apr 2024 15:41:58 GMT
0
bat.bing.net/action/ 		0
344 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://bat.bing.net/action/0?ti=187115442&Ver=2&mid=e412fced-2615-42a9-ba74-edc517dd5fae&bo=2&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Tax%20Relief%20for%20Disaster%20Victims%20Across%20the%20United%20States%20and%20its%20Territories&p=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&r=&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=885876
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, must-revalidate
pragma
no-cache
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 4147D5687C8E41E59B8271701B6A8C6B Ref B: FRAEDGE2018 Ref C: 2024-10-16T17:50:21Z
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Wed, 16 Oct 2024 17:50:21 GMT
json
forms.hscollectedforms.net/collected-forms/v1/config/ 		133 B
433 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://forms.hscollectedforms.net/collected-forms/v1/config/json?portalId=39536781&utk=
Requested by
Host: js.hscollectedforms.net
URL: https://js.hscollectedforms.net/collectedforms.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:6bfe , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2a7cbf139a4b07717596951def2fb897546150e2395b1a2586db71095aa8b895
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/json, text/plain, */*
Referer
https://www.firstexchange.com/

Response headers

x-robots-tag
none
access-control-max-age
180
x-request-id
dd9200d8-c2d3-4c65-be7f-fca31e2ba0f3
content-encoding
br
cf-cache-status
DYNAMIC
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
date
Wed, 16 Oct 2024 17:50:21 GMT
x-hubspot-correlation-id
dd9200d8-c2d3-4c65-be7f-fca31e2ba0f3
content-type
application/json;charset=utf-8
vary
Accept-Encoding
access-control-allow-headers
*
x-evy-trace-route-service-name
envoyset-translator
cache-control
max-age=0
x-evy-trace-served-by-pod
iad02/app-td/envoy-proxy-7df4f6b649-x4vlr
x-envoy-upstream-service-time
3
cf-ray
8d39e4071ac81cbf-FRA
access-control-allow-origin
https://www.firstexchange.com
x-evy-trace-route-configuration
listener_https/all
server
cloudflare
x-evy-trace-virtual-host
all
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-HWDBQR6XH4&gtm=45je4ae0v9139024977za200&_p=1729101020700&_gaz=1&gcd=13l3l3l2l3l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101533422~101686685~101823847&ul=de-de&sr=1600x1200&cid=1349101208.1729101021&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=EBAI&_s=1&dl=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&dt=Tax%20Relief%20for%20Disaster%20Victims%20Across%20the%20United%20States%20and%20its%20Territories&sid=1729101021&sct=1&seg=0&en=page_view&_fv=1&_ss=1&_ee=1&tfd=1826
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HWDBQR6XH4&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.firstexchange.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
57 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HWDBQR6XH4&cid=1349101208.1729101021&gtm=45je4ae0v9139024977za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101533422~101686685~101823847
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HWDBQR6XH4&cx=c&_slc=1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c1d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.firstexchange.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HWDBQR6XH4&cid=1349101208.1729101021&gtm=45je4ae0v9139024977za200&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l3l1&npa=1&frm=0&tag_exp=101533422~101686685~101823847&tag_exp=101533422~101686685~101823847&z=778355507
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Wed, 16 Oct 2024 17:50:21 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
json
api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/ 		115 B
810 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api.hubapi.com/hs-script-loader-public/v1/config/pixels-and-events/json?portalId=39536781
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:f06c , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6f25188bd749c94d5b615f375a92e58eed2d68eb2e44139fbc0c0ee56f5cb4f
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

access-control-max-age
180
content-encoding
br
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7r3pwTdHsTp00DprJqkkmbPqXdan3abAwa35wxMTbZjtCBYo2ve%2FkS3HkIBYUr8YBKe3Hh4cmXWc%2BCBc73rfi6yOwG91Dl15xPrt7fnLL%2BZ8njdYecHnBeNRbzsKv%2FPuqPauFpsw0kGY9I9B"}],"group":"cf-nel","max_age":604800}
access-control-allow-methods
GET, OPTIONS, PUT, POST, DELETE, PATCH, HEAD
x-content-type-options
nosniff
date
Wed, 16 Oct 2024 17:50:21 GMT
x-hubspot-correlation-id
3be8f06d-6818-41f0-bfa2-222c9fdeb3b5
content-type
application/json;charset=utf-8
vary
origin, Accept-Encoding
access-control-allow-headers
*
strict-transport-security
max-age=31536000; includeSubDomains; preload
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
access-control-allow-credentials
false
cf-ray
8d39e407da544d3d-FRA
access-control-allow-origin
https://www.firstexchange.com
server
cloudflare
p
app.clearbit.com/v1/ 		16 B
1 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://app.clearbit.com/v1/p
Requested by
Host: x.clearbitjs.com
URL: https://x.clearbitjs.com/v2/pk_fabe46ff2e6726587acf039a6f45a24a/tracking.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
3.127.196.46 Frankfurt am Main, Germany, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-3-127-196-46.eu-central-1.compute.amazonaws.com
Software
Clearbit /
Resource Hash
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
Security Headers
Name Value
Strict-Transport-Security max-age=63072000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.firstexchange.com/

Response headers

strict-transport-security
max-age=63072000; includeSubDomains; preload
access-control-max-age
7200
access-control-expose-headers
content-encoding
gzip
x-envoy-response-flags
-
access-control-allow-credentials
true
access-control-allow-methods
GET, POST, OPTIONS
content-security-policy-report-only
default-src 'self'; script-src 'unsafe-inline' 'report-sample' 'self' https://browser.sentry-cdn.com https://cdn.amplitude.com/libs/amplitude-5.2.2-min.gz.js https://cdn.clearbit.com https://cdn.segment.com/analytics.js/v1/auzWlbWIBrAsKnGQIiT0X3IjfZyepgW5/analytics.min.js https://checkout.stripe.com https://connect.facebook.net https://edge.fullstory.com/s/fs.js https://fast.appcues.com https://www.google-analytics.com/analytics.js https://x.clearbitjs.com https://cdn.clearbit.com https://*.commandbar.com; style-src 'unsafe-inline' 'report-sample' 'self' https://cdn.clearbit.com https://*.commandbar.com https://fast.appcues.com https://fonts.googleapis.com; object-src 'none'; base-uri 'self'; connect-src 'self' https://api.amplitude.com https://*.commandbar.com https://api.segment.io https://checkout.stripe.com https://rs.fullstory.com https://www.google-analytics.com wss://api.appcues.net https://stats.g.doubleclick.net https://sentry.io https://logo.clearbit.com; font-src 'self' https://fonts.gstatic.com; frame-src 'self' https://*.commandbar.com https://checkout.stripe.com; img-src 'self' https://*.commandbar.com https://*.stripe.com data: https://cdn.clearbit.com https://images.ctfassets.net https://logo.clearbit.com https://www.facebook.com https://connect.facebook.net https://www.google.com https://unpkg.com/react-flag-kit https://cloudfront.net/v1/avatars https://*.googleusercontent.com; manifest-src 'self'; media-src 'self'; worker-src 'none';
x-content-type-options
nosniff
access-control-allow-origin
https://www.firstexchange.com
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/json
vary
Accept-Encoding, Origin
server
Clearbit
clarity.js
www.clarity.ms/s/0.7.48/ 		64 KB
27 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.48/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/uet/187115442?insights=1
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:29:1::64 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
36b4b4c6757a5d380d22a491759f8a72f54b16791387c3826e69d2546208d4f4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

x-azure-ref
20241016T175021Z-1588498f885t225nmnp5k1a6wc0000000ad000000000evmv
cache-control
public, max-age=86400
x-ms-version
2018-03-28
content-encoding
br
etag
W/"0x8DCE961488285A1"
x-fd-int-roxy-purgeid
51562430
x-ms-request-id
1255c577-501e-0064-5e6b-1bdf43000000
access-control-allow-origin
*
x-cache
TCP_HIT
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
last-modified
Thu, 10 Oct 2024 19:25:21 GMT
js
www.googletagmanager.com/gtag/ 		277 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-625257977
Requested by
Host: js.hsadspixel.net
URL: https://js.hsadspixel.net/fb.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil07s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
4309712ad568a22137c154e03c5357867967139da44aafc7336d555cdea93e4e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 16 Oct 2024 17:50:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 16 Oct 2024 17:01:57 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
97259
x-xss-protection
0
server
Google Tag Manager
js
www.googletagmanager.com/gtag/ 		277 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=AW-625257977&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-52NMHWQ
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.58.206.72 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
mil07s08-in-f8.1e100.net
Software
Google Tag Manager /
Resource Hash
0af95a11c8fd8cefc96919251e336a5cbcc693bb246f57b5e34971899c43e899
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Wed, 16 Oct 2024 17:50:21 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Wed, 16 Oct 2024 17:01:57 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
97207
x-xss-protection
0
server
Google Tag Manager
ns.html
www.googletagmanager.com/ Frame A2F6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/ns.html?id=GTM-52NMHWQ
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/_nuxt/4267bf5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:81d::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://www.firstexchange.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control
no-cache, no-store, must-revalidate
content-encoding
br
content-length
137
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1128:0
content-type
text/html; charset=UTF-8
cross-origin-embedder-policy
require-corp
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
cross-origin-resource-policy
cross-origin
date
Wed, 16 Oct 2024 17:50:21 GMT
expires
Fri, 01 Jan 1990 00:00:00 GMT
pragma
no-cache
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1128:0"}],}
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
vary
*
x-xss-protection
0
collect
h.clarity.ms/ 		0
285 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://h.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.48/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.8.64.151 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://www.firstexchange.com/

Response headers

Request-Context
appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin
https://www.firstexchange.com
Date
Wed, 16 Oct 2024 17:50:22 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true
e6a0dbea67a59a74
pixel.sitescout.com/up/ 		43 B
259 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://pixel.sitescout.com/up/e6a0dbea67a59a74?cntr_url=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Requested by
Host: www.firstexchange.com
URL: https://www.firstexchange.com/IRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
98.98.135.24 Riyadh, Saudi Arabia, ASN21859 (ZEN-ECN, US),
Reverse DNS
Software
AC1.1 /
Resource Hash
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

cache-control
max-age=0,no-cache,no-store
pragma
no-cache
expires
Tue, 11 Oct 1977 12:34:56 GMT
p3p
CP="NON DEVa PSAa PSDa OUR NOR NAV",policyref="/w3c/p3p.xml"
content-length
43
date
Wed, 16 Oct 2024 17:50:21 GMT
content-type
image/gif
server
AC1.1
__ptq.gif
track.hubspot.com/ 		45 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://track.hubspot.com/__ptq.gif?k=1&sd=1600x1200&cd=24-bit&cs=UTF-8&ln=de-de&bfp=90950173&v=1.1&a=39536781&pu=https%3A%2F%2Fwww.firstexchange.com%2FIRS-Provides-Tax-Relief-Extensions-for-Disaster-Victims&t=Tax+Relief+for+Disaster+Victims+Across+the+United+States+and+its+Territories&cts=1729101022159&vi=759690b9633b5fc8ed9bba51c3c220e6&nc=true&u=112840219.759690b9633b5fc8ed9bba51c3c220e6.1729101022156.1729101022156.1729101022156.1&b=112840219.1.1729101022156&cc=15
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6810:7574 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

x-robots-tag
none
x-request-id
d76b0e24-fcb1-44c3-b8fb-5ab4976af909
cf-cache-status
DYNAMIC
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xj77dhmE4A6RQUTpsnco5q2hxI9qownZT2inyIFWRaCmJqK5O7qHbP2JHoBXvuoH8HPb1mBbjikSMMNeEaN9MA4gxYnYq2GhWRj6oqym6j1oyC0Ly8iqNDFwbK9CbkTpqz0OaBIBPJXm5EPi9o6Y"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
x-evy-trace-listener
listener_https
p3p
CP="NOI CUR ADM OUR NOR STA NID"
date
Wed, 16 Oct 2024 17:50:22 GMT
x-hubspot-correlation-id
d76b0e24-fcb1-44c3-b8fb-5ab4976af909
content-type
image/gif
vary
origin, Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-evy-trace-route-service-name
envoyset-translator
cache-control
no-cache, no-store, no-transform
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-evy-trace-served-by-pod
iad02/analytics-tracking-td/envoy-proxy-6c8f7f4884-7x4bl
x-envoy-upstream-service-time
5
access-control-allow-credentials
false
cf-ray
8d39e40cec6565b8-FRA
x-evy-trace-route-configuration
listener_https/all
content-length
45
server
cloudflare
x-evy-trace-virtual-host
all
favicon.ico
www.firstexchange.com/ 		1 KB
2 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.firstexchange.com/favicon.ico
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
20.64.137.138 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a4b01b8573c1249c1a807fde91b315567e1bc450b7c19e8dfbb877720a61b4a8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://www.firstexchange.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains
ETag
"076c53ef498d81:0"
Connection
keep-alive
Referrer-Policy
strict-origin
X-Content-Type-Options
nosniff
x-ms-middleware-request-id
804f8c03-7b36-4178-b0e1-882028160a7f
Accept-Ranges
bytes
Content-Length
1150
Date
Wed, 16 Oct 2024 17:50:22 GMT
X-XSS-Protection
1; mode=block
Content-Type
image/x-icon
Last-Modified
Sat, 16 Jul 2022 09:13:00 GMT
collect
h.clarity.ms/ 		0
285 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://h.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.48/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
51.8.64.151 Washington, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Accept
application/x-clarity-gzip
Referer
https://www.firstexchange.com/

Response headers

Request-Context
appId=cid-v1:b1d896b3-bec7-448b-b764-240152e813e8
Access-Control-Allow-Origin
https://www.firstexchange.com
Date
Wed, 16 Oct 2024 17:50:22 GMT
Vary
Origin
Server
nginx
Connection
keep-alive
Access-Control-Allow-Credentials
true

Verdicts & Comments Add Verdict or Comment

56 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 number| _gtm_init object| _gtm_ids function| _gtm_inject object| dataLayer function| postscribe object| google_tag_manager_external object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| fbq function| _fbq object| uetq function| onYouTubeIframeAPIReady object| gaGlobal object| gaplugins object| gaData object| _hsp function| UET function| UET_init function| UET_push object| ueto_15fa8d64cc boolean| __clearbit_tagsjs object| clearbit function| parcelRequire object| __NUXT__ object| webpackJsonp boolean| PIXELS_RAN object| enabledEventSettings object| _hsq object| __hsCollectedFormsDebug function| sanitizeKey boolean| _hstc_loaded object| cntrUpTag object| hsCookieBanner boolean| _hspb_loaded boolean| _hspb_ran object| clearbitsq object| args string| method function| normalize function| clarity object| clarityuetq object| regeneratorRuntime function| setImmediate function| clearImmediate object| onNuxtReadyCbs function| onNuxtReady object| $nuxt boolean| _hstc_ran object| hsCallsToActionsReady string| __hsUserToken number| expireDateTime

17 Cookies

Domain/Path Name / Value
.firstexchange.com/ Name: _gcl_au
Value: 1.1.1400872470.1729101021
.firstexchange.com/ Name: _ga_74LTHJ3JMC
Value: GS1.1.1729101021.1.0.1729101021.60.0.0
.firstexchange.com/ Name: _ga
Value: GA1.2.1349101208.1729101021
.firstexchange.com/ Name: _gid
Value: GA1.2.886840614.1729101021
.firstexchange.com/ Name: _gat_UA-4657217-40
Value: 1
.firstexchange.com/ Name: _fbp
Value: fb.1.1729101021173.337207793709758183
.firstexchange.com/ Name: _ga_HWDBQR6XH4
Value: GS1.2.1729101021.1.0.1729101021.60.0.0
.firstexchange.com/ Name: cb_user_id
Value: null
.firstexchange.com/ Name: cb_group_id
Value: null
.firstexchange.com/ Name: cb_anonymous_id
Value: %2256a5ee2b-df8e-4f3c-b6bb-84b5f2cc8d29%22
.bing.com/ Name: MUID
Value: 0DFFBE080DEB66A60CDAAB120C47677F
.firstexchange.com/ Name: __hstc
Value: 112840219.759690b9633b5fc8ed9bba51c3c220e6.1729101022156.1729101022156.1729101022156.1
.firstexchange.com/ Name: hubspotutk
Value: 759690b9633b5fc8ed9bba51c3c220e6
.firstexchange.com/ Name: __hssrc
Value: 1
.firstexchange.com/ Name: __hssc
Value: 112840219.1.1729101022156
.hubspot.com/ Name: __cf_bm
Value: Oth_BAghFa.TqZuSAKGDXXV7aVuRGmdOGBiKkaAPFnY-1729101022-1.0.1.1-frI5mGccjwuuW5LeFbJmuAuXmUC81CFFILxR_0qmYNumNiG3HcaHnULOPqdZBR.jXn9TNXY6KnxTosvfPTKrPA
.hubspot.com/ Name: _cfuvid
Value: 9A6s4xC1RAkgjBGwCsnoJcujsd61t6Vxlk4AKIVIGrE-1729101022351-0.0.1.1-604800000

3 Console Messages

Source Level URL
Text
security error URL: https://bat.bing.com/bat.js
Message:
Refused to connect to 'https://bat.bing.net/actionp/0?ti=187115442&Ver=2&mid=e412fced-2615-42a9-ba74-edc517dd5fae&bo=1&evt=consent&src=enforced&cdb=AQAI&asc=D' because it violates the following Content Security Policy directive: "connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://google.com https://*.googleadservices.com https://dc.services.visualstudio.com https://*.ctctcdn.com https://*.constantcontact.com https://cdn.linkedin.oribi.io https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.clearbit.com https://*.bing.com https://*.clarity.ms".
security error URL: https://cdn01.basis.net/assets/up.js?um=1
Message:
Refused to execute inline event handler because it violates the following Content Security Policy directive: "script-src 'sha256-WS1gofTxnEZrBcDfn0V15DakYc+D1XvnYU9YaTtbeIs=' 'self'". Either the 'unsafe-inline' keyword, a hash ('sha256-...'), or a nonce ('nonce-...') is required to enable inline execution. Note that hashes do not apply to event handlers, style attributes and javascript: navigations unless the 'unsafe-hashes' keyword is present.
security error URL: https://bat.bing.com/bat.js
Message:
Refused to connect to 'https://bat.bing.net/actionp/0?ti=187115442&Ver=2&mid=e412fced-2615-42a9-ba74-edc517dd5fae&bo=3&evt=pageHide&asc=D' because it violates the following Content Security Policy directive: "connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://google.com https://*.googleadservices.com https://dc.services.visualstudio.com https://*.ctctcdn.com https://*.constantcontact.com https://cdn.linkedin.oribi.io https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.clearbit.com https://*.bing.com https://*.clarity.ms".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self'; script-src-elem 'self' 'unsafe-eval' 'unsafe-inline' https://*.licdn.com https://connect.facebook.net/ https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.google.com https://*.googleadservices.com https://googleads.g.doubleclick.net http://static.ctctcdn.com https://static.ctctcdn.com https://cdnjs.cloudflare.com https://www.gstatic.com https://cdn01.basis.net https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://tag.clearbitscripts.com https://*.clearbitjs.com https://*.bing.com https://*.clarity.ms; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com http://static.ctctcdn.com https://static.ctctcdn.com; font-src 'self' https://fonts.gstatic.com data:; connect-src 'self' https://stats.g.doubleclick.net https://*.google-analytics.com https://*.google.com https://google.com https://*.googleadservices.com https://dc.services.visualstudio.com https://*.ctctcdn.com https://*.constantcontact.com https://cdn.linkedin.oribi.io https://*.hs-scripts.com https://*.hubapi.com https://*.hs-analytics.net https://*.hs-banner.com https://*.hscollectedforms.net https://*.hsadspixel.net https://*.clearbit.com https://*.bing.com https://*.clarity.ms; frame-src 'self' https://pixel.sitescout.com https://www.youtube.com https://*.google.com https://*.googletagmanager.com https://td.doubleclick.net; img-src * data:; script-src 'sha256-WS1gofTxnEZrBcDfn0V15DakYc+D1XvnYU9YaTtbeIs=' 'self'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api.hubapi.com
app.clearbit.com
b8dcsquab.cc.rs6.net
bat.bing.com
bat.bing.net
cdn01.basis.net
connect.facebook.net
forms.hscollectedforms.net
h.clarity.ms
js.hs-analytics.net
js.hs-banner.com
js.hs-scripts.com
js.hsadspixel.net
js.hscollectedforms.net
pixel.sitescout.com
region1.analytics.google.com
stats.g.doubleclick.net
tag.clearbitscripts.com
track.hubspot.com
www.clarity.ms
www.facebook.com
www.firstexchange.com
www.google-analytics.com
www.google.de
www.googletagmanager.com
x.clearbitjs.com
142.250.186.35
157.240.252.13
20.64.137.138
2001:4860:4802:34::36
208.75.122.11
216.58.206.72
2600:9000:2670:e000:7:d7d6:3c40:93a1
2606:4700:4400::6812:28f0
2606:4700::6810:6bfe
2606:4700::6810:7574
2606:4700::6810:8cd1
2606:4700::6811:afc9
2606:4700::6811:df98
2606:4700::6812:f06c
2620:1ec:29:1::64
2620:1ec:33::10
2620:1ec:c11::237
2a00:1450:4001:81d::2008
2a00:1450:4001:828::200e
2a00:1450:400c:c1d::9a
2a03:2880:f177:83:face:b00c:0:25de
3.127.196.46
41.63.96.2
51.8.64.151
98.98.135.24
03443358e8219c9ac8c5bf9458ea68d66c63bf6f5a639888ee94353508e5a6c9
041e7910e54a2c14ad6002c661d58266ff8998f2b3e8b82401f70f1832f3dfd9
077e232602c986afa164b21fddb424dc8cb085bcb4cb4b649c48aa7d93d33330
0af95a11c8fd8cefc96919251e336a5cbcc693bb246f57b5e34971899c43e899
1fc3e62af282b8c3b57763aa86a290505792c04a0da1c662c531118044feefce
20ccd030ef2dbd52d787d19bf887e01ec9010a71b4b6a3873322e1d8f7785844
2a7cbf139a4b07717596951def2fb897546150e2395b1a2586db71095aa8b895
36b4b4c6757a5d380d22a491759f8a72f54b16791387c3826e69d2546208d4f4
3ae5677f0555d0b86ea9ff2828aeabf37d6f4f255cf574a07bb1e5c94452a0e3
3c656c1d288a32b066f90eead7409ceabb070b4af5addfdb0fb48eef3e0abf30
4309712ad568a22137c154e03c5357867967139da44aafc7336d555cdea93e4e
45b30fa278c84f9f3dcf81f770be098fc8417a6021358d49470ed5c8af9f6376
4bb3b3a23fe2d0f3f42a5f08df071f558dccad57d0284c4c0729abe1373eafa9
54408e6341c4e942aae6595c2ea1151d31903ebd8daa2691182df6bdfc9417ae
56ad124b6a7708ea722972b539ced4b20aed4c83bb818b587198bf6eebbea333
5bbd9766838bf11e3ff360ec5cbb60d6ada352fbad7f7691e24f847313b9b1d4
5be70c2ffb431cf0ee643a3124a200df26213834c436ced176d191464c3100f6
64f79d2b82f30e45a0f64e55d407500f68dd1de845dac688084e88cc4bfff4e4
a065920df8cc4016d67c3a464be90099c9d28ffe7c9e6ee3a18f257efc58cbd7
a3161ad5112296e360c0bc75a7bc6d1d16abe3b9244ff04ff7078475bf13086f
a4b01b8573c1249c1a807fde91b315567e1bc450b7c19e8dfbb877720a61b4a8
a6c548ef8038addc3321cd2cc39b327997e372145a0b83df498283c77aa3174d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
abce2e05af4c452d8bc3f0eb0d9080370c0ca782994032dc0c7845a4141705c1
b2c70b87db25302b7a82893cbf300602e513c3e9acef1d9fce38a79b9a2b3a72
b3ef196200746b1da8ad691f4042db987b39369004da94b117625baf24fb3aae
b493c544bb5bec000c3f54dc15d00c2344d05c4d3ad92b6c42f40c3af22d1561
c0bc00b9b644acc17816d17d13a194be8fd9eeec52a50debecaa413d260ef3ea
c29b03856f293de4118a192a0bededc6792b7b959ef08a1044985ea68db22c75
c3be590171c0375d497714a608a5c4cd4e90e124e1c0cff1807cd8adb156e64b
c955e57777ec0d73639dca6748560d00aa5eb8e12f13ebb2ed9656add3908f97
ca9ead1a878c5a474808166462389da9859bbe06ee7c5e4365029c8062709121
d283582ecd0a07e96c8ecf32123398b9e1c558bfb83cc25254027ec23192b973
dc111a70984a9eda00752b06277113029ef288f1125c31eff2477413e15e8aa4
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e29472d5dbe8590336f976bfab2ba81b4fcb6aef36c21189394fe89273c5bb99
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e414ddced86de7dd644ecc30283810262f8663b40508b41b27bfbcb86ecaff67
e6f25188bd749c94d5b615f375a92e58eed2d68eb2e44139fbc0c0ee56f5cb4f
e91e4de585374ccf372762b1e0de092e633c6d38dbdd33c47c32149874639c07
ebe16325bbf799f721fed43f5fdc642556ec51fab76437a4adaa1b6ac533a18c
edd6259fec3c54b181020b2d8fdd350497f5af595fb85ad3325970cedcfe17d0
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629