urlscan.io logo urlscan.io
SecurityTrails logo

www.nelnetbank.slr.sparrowtest.com Open in urlscan Pro
18.66.112.42  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://nelnetbank.slr.sparrowtest.com/
Effective URL: https://www.nelnetbank.slr.sparrowtest.com/
Submission: On November 14 via automatic, source certstream-suspicious — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 26 IPs in 4 countries across 21 domains to perform 63 HTTP transactions. The main IP is 18.66.112.42, located in United States and belongs to AMAZON-02, US. The main domain is www.nelnetbank.slr.sparrowtest.com.
TLS certificate: Issued by Amazon RSA 2048 M02 on December 15th 2023. Valid for: a year.
This is the only time www.nelnetbank.slr.sparrowtest.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 13.35.58.71 ()
10 18.66.112.42 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
3 2a00:1450:400... 15169 (GOOGLE)
3 35.201.112.186 396982 (GOOGLE-CL...)
1 142.250.186.100 15169 (GOOGLE)
6 2606:4700::68... 13335 (CLOUDFLAR...)
2 2620:1ec:33:2... 8075 (MICROSOFT...)
1 2a02:26f0:350... 20940 (AKAMAI-ASN1)
3 2a00:1450:400... 15169 (GOOGLE)
2 157.240.253.1 32934 (FACEBOOK)
1 52.7.151.245 14618 (AMAZON-AES)
2 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 3 2620:1ec:21::14 8068 (MICROSOFT...)
1 13.107.42.14 8068 (MICROSOFT...)
2 35.186.194.58 15169 (GOOGLE)
4 157.240.253.35 32934 (FACEBOOK)
1 104.17.25.14 13335 (CLOUDFLAR...)
2 52.42.124.195 16509 (AMAZON-02)
1 216.69.100.142 ()
1 35.81.162.201 16509 (AMAZON-02)
1 13.224.189.74 ()
2 18.245.46.19 ()
3 52.20.14.227 ()
1 216.239.32.36 ()
63 26
1    13.35.58.71 (United States)

ASN- ()
PTR: server-13-35-58-71.fra60.r.cloudfront.net
nelnetbank.slr.sparrowtest.com
10    18.66.112.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-66-112-42.fra56.r.cloudfront.net
www.nelnetbank.slr.sparrowtest.com
1    2a00:1450:4001:831::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
3    2a00:1450:4001:827::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
3    35.201.112.186 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 186.112.201.35.bc.googleusercontent.com
edge.fullstory.com
1    142.250.186.100 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s06-in-f4.1e100.net
www.google.com
6    2606:4700::6812:572a (United States)

ASN13335 (CLOUDFLARENET, US)
cdn.cookielaw.org
2    2620:1ec:33:2::10 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
bat.bing.com
1    2a02:26f0:3500:10::210:a9a (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
snap.licdn.com
3    2a00:1450:4001:800::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    157.240.253.1 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-02-fra5.fbcdn.net
connect.facebook.net
1    52.7.151.245 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-7-151-245.compute-1.amazonaws.com
dx.mountain.com
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c0d::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
3    2620:1ec:21::14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px.ads.linkedin.com
1    13.107.42.14 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
px4.ads.linkedin.com
2    35.186.194.58 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 58.194.186.35.bc.googleusercontent.com
rs.fullstory.com
4    157.240.253.35 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
PTR: edge-star-mini-shv-02-fra5.facebook.com
www.facebook.com
1    104.17.25.14 (None, )

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
2    52.42.124.195 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-52-42-124-195.us-west-2.compute.amazonaws.com
px.mountain.com
1    216.69.100.142 (United States)

ASN- ()
www.nelnet.net
1    35.81.162.201 (Boardman, United States)

ASN16509 (AMAZON-02, US)
PTR: ec2-35-81-162-201.us-west-2.compute.amazonaws.com
gs.mountain.com
1    13.224.189.74 (None, )

ASN- ()
widget.intercom.io
2    18.245.46.19 (None, )

ASN- ()
js.intercomcdn.com
3    52.20.14.227 (None, )

ASN- ()
api-iam.intercom.io
1    216.239.32.36 (None, )

ASN- ()
region1.analytics.google.com
Apex Domain
Subdomains		 Transfer
11 sparrowtest.com
nelnetbank.slr.sparrowtest.com
www.nelnetbank.slr.sparrowtest.com
840 KB
6 cookielaw.org
cdn.cookielaw.org — Cisco Umbrella Rank: 390
120 KB
5 fullstory.com
edge.fullstory.com — Cisco Umbrella Rank: 2630
rs.fullstory.com — Cisco Umbrella Rank: 2600
81 KB
4 intercom.io
widget.intercom.io
api-iam.intercom.io
9 KB
4 facebook.com
www.facebook.com — Cisco Umbrella Rank: 120
425 B
4 linkedin.com
px.ads.linkedin.com — Cisco Umbrella Rank: 404
px4.ads.linkedin.com — Cisco Umbrella Rank: 6892
2 KB
4 mountain.com
dx.mountain.com — Cisco Umbrella Rank: 5404
px.mountain.com — Cisco Umbrella Rank: 5644
gs.mountain.com — Cisco Umbrella Rank: 11087
8 KB
4 google.com
www.google.com — Cisco Umbrella Rank: 4
region1.analytics.google.com — Cisco Umbrella Rank: 3604
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 65
22 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 64
360 KB
2 intercomcdn.com
js.intercomcdn.com
287 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 208
75 KB
2 bing.com
bat.bing.com — Cisco Umbrella Rank: 397
15 KB
1 nelnet.net
www.nelnet.net — Cisco Umbrella Rank: 354958
1 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 275
1 KB
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 171
568 B
1 licdn.com
snap.licdn.com — Cisco Umbrella Rank: 1142
14 KB
1 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 55
1 KB
0 bing.net Failed
bat.bing.net Failed
0 google.de Failed
www.google.de Failed
0 evgnet.com Failed
cdn.evgnet.com Failed
63 21
Domain Requested by
10 www.nelnetbank.slr.sparrowtest.com www.nelnetbank.slr.sparrowtest.com
6 cdn.cookielaw.org www.googletagmanager.com
cdn.cookielaw.org
www.nelnetbank.slr.sparrowtest.com
4 www.facebook.com www.nelnetbank.slr.sparrowtest.com
3 api-iam.intercom.io js.intercomcdn.com
3 px.ads.linkedin.com 1 redirects snap.licdn.com
3 region1.analytics.google.com www.nelnetbank.slr.sparrowtest.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
www.nelnetbank.slr.sparrowtest.com
3 edge.fullstory.com www.nelnetbank.slr.sparrowtest.com
edge.fullstory.com
3 www.googletagmanager.com www.nelnetbank.slr.sparrowtest.com
www.googletagmanager.com
www.google-analytics.com
2 js.intercomcdn.com widget.intercom.io
2 px.mountain.com dx.mountain.com
px.mountain.com
2 rs.fullstory.com edge.fullstory.com
2 connect.facebook.net www.nelnetbank.slr.sparrowtest.com
connect.facebook.net
2 bat.bing.com www.googletagmanager.com
bat.bing.com
1 widget.intercom.io www.nelnetbank.slr.sparrowtest.com
1 gs.mountain.com px.mountain.com
1 www.nelnet.net www.nelnetbank.slr.sparrowtest.com
1 cdnjs.cloudflare.com www.nelnetbank.slr.sparrowtest.com
1 px4.ads.linkedin.com www.nelnetbank.slr.sparrowtest.com
1 stats.g.doubleclick.net www.googletagmanager.com
1 dx.mountain.com www.nelnetbank.slr.sparrowtest.com
1 snap.licdn.com www.nelnetbank.slr.sparrowtest.com
1 www.google.com www.googletagmanager.com
1 fonts.googleapis.com www.nelnetbank.slr.sparrowtest.com
1 nelnetbank.slr.sparrowtest.com 1 redirects
0 bat.bing.net Failed www.nelnetbank.slr.sparrowtest.com
0 www.google.de Failed www.nelnetbank.slr.sparrowtest.com
0 cdn.evgnet.com Failed www.googletagmanager.com
63 28

This site contains links to these domains. Also see Links.

Domain
www.sparrowfi.com
onetrust.com
www.nelnetbank.com
Subject Issuer Validity Valid
www.nelnetbank.slr.sparrowtest.com
Amazon RSA 2048 M02		 2023-12-15 -
2025-01-12		 a year crt.sh
upload.video.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
*.google-analytics.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
edge.fullstory.com
WR3		 2024-10-20 -
2025-01-18		 3 months crt.sh
*.google.com
WR2		 2024-10-21 -
2025-01-13		 3 months crt.sh
cookielaw.org
WE1		 2024-10-11 -
2025-01-09		 3 months crt.sh
www.bing.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-09-16 -
2025-03-15		 6 months crt.sh
snap.licdn.com
DigiCert SHA2 Secure Server CA		 2023-12-13 -
2024-12-12		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-08-23 -
2024-11-21		 3 months crt.sh
*.mountain.com
Go Daddy Secure Certificate Authority - G2		 2024-05-23 -
2025-06-24		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-10-07 -
2024-12-30		 3 months crt.sh
www.linkedin.com
DigiCert SHA2 Secure Server CA		 2024-10-14 -
2025-04-14		 6 months crt.sh
rs.fullstory.com
WR3		 2024-10-22 -
2025-01-20		 3 months crt.sh
cdnjs.cloudflare.com
WE1		 2024-09-28 -
2024-12-27		 3 months crt.sh
www.nelnet.net
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-11-06 -
2025-11-06		 a year crt.sh
*.intercom.com
Amazon RSA 2048 M03		 2024-01-15 -
2025-02-11		 a year crt.sh
*.intercomcdn.com
Amazon RSA 2048 M02		 2024-10-31 -
2025-11-28		 a year crt.sh

This page contains 4 frames:

Primary Page: https://www.nelnetbank.slr.sparrowtest.com/
Frame ID: 7DD6829B024409B699E2550690195CB5
Requests: 60 HTTP requests in this frame

Frame: data://truncated
Frame ID: AE3CD237CE3F7FF7E793E56A59779CE0
Requests: 2 HTTP requests in this frame

Frame: https://edge.fullstory.com/s/fs.js
Frame ID: BF0C60C9735FE6F6B119637577C02AC5
Requests: 1 HTTP requests in this frame

Frame: https://js.intercomcdn.com/frame-modern.824d1611.js
Frame ID: 69B620C45ED252B74710762D618FD40C
Requests: 5 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Nelnet Bank

Page URL History Show full URLs

  1. https://nelnetbank.slr.sparrowtest.com/ HTTP 301
    https://www.nelnetbank.slr.sparrowtest.com/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • <!-- (?:End )?Google Tag Manager -->
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • snap\.licdn\.com/li\.lms-analytics/insight\.min\.js
Overall confidence: 100%
Detected patterns
  • cdn\.cookielaw\.org
  • otSDKStub\.js

Page Statistics

63
Requests

89 %
HTTPS

35 %
IPv6

21
Domains

28
Subdomains

26
IPs

4
Countries

1837 kB
Transfer

6281 kB
Size

14
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://nelnetbank.slr.sparrowtest.com/ HTTP 301
    https://www.nelnetbank.slr.sparrowtest.com/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 23
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F HTTP 302
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&e_ipv6=AQLxRfPgz93WXAAAAZMpyQ99nmSdtTU9c34TiQRDWhsWCk_LIu-UWaNI9wDopNI1YjNUMI8

63 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
www.nelnetbank.slr.sparrowtest.com/
Redirect Chain
  • https://nelnetbank.slr.sparrowtest.com/
  • https://www.nelnetbank.slr.sparrowtest.com/
4 KB
6 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
CloudFront /
Resource Hash
02939a2456598ea6b3e286ecaf8929223ce791cf866084c1b8e91e6eb99a05f2
Security Headers
Name Value
Content-Security-Policy block-all-mixed-content; default-src 'self'; script-src 'nonce-ciZ0T3h8spuH/x+wCJYywQ==' 'strict-dynamic' 'self' widget.intercom.io *.intercomcdn.com cdnjs.cloudflare.com maps.googleapis.com *.fullstory.com https://*.googletagmanager.com bat.bing.com cdn.cookielaw.org connect.facebook.net snap.licdn.com cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js www.google-analytics.com googleads.g.doubleclick.net *.sparrowtest.com 'sha256-XKl1DCtIkUBRvq1BiT9zIBS3ACWpsKjHNhFzq0JmE+c=' 'sha256-BibpoDGtLcqJmldHiTEJJaxae7rPNurFYXgWVCO4EVw=' 'sha256-Cp2zw0VJ1mIDeLf9E/9u2yfQ4K8yceNQMHk0BbUny8w=' 'sha256-PDHO0RDk4w5XlXMawrYw+4fVwJ5VvxjsZ0ocFGd3SzA=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-yxBn2Gp5NuqMNi7ReuwA3JbUbGjVKzk65Z2zsrps7Oc=' 'sha256-bvNubAaanvzctSH2Bj6ENjJoNk03JMpLZL4AeDGgepg=' 'sha256-F3Qj+IRGZEqGdWNLdiYQFEfi+pCkL2mRTY8vVLr+Q44='; style-src 'self' *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' *.intercomcdn.com *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net; img-src 'self' *.intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com *.linkedin.com www.google.com https://*.google-analytics.com https://*.googletagmanager.com data:; frame-src 'self' td.doubleclick.net
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36

Response headers

cache-control
36000
content-length
4340
content-security-policy
block-all-mixed-content; default-src 'self'; script-src 'nonce-ciZ0T3h8spuH/x+wCJYywQ==' 'strict-dynamic' 'self' widget.intercom.io *.intercomcdn.com cdnjs.cloudflare.com maps.googleapis.com *.fullstory.com https://*.googletagmanager.com bat.bing.com cdn.cookielaw.org connect.facebook.net snap.licdn.com cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js www.google-analytics.com googleads.g.doubleclick.net *.sparrowtest.com 'sha256-XKl1DCtIkUBRvq1BiT9zIBS3ACWpsKjHNhFzq0JmE+c=' 'sha256-BibpoDGtLcqJmldHiTEJJaxae7rPNurFYXgWVCO4EVw=' 'sha256-Cp2zw0VJ1mIDeLf9E/9u2yfQ4K8yceNQMHk0BbUny8w=' 'sha256-PDHO0RDk4w5XlXMawrYw+4fVwJ5VvxjsZ0ocFGd3SzA=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-yxBn2Gp5NuqMNi7ReuwA3JbUbGjVKzk65Z2zsrps7Oc=' 'sha256-bvNubAaanvzctSH2Bj6ENjJoNk03JMpLZL4AeDGgepg=' 'sha256-F3Qj+IRGZEqGdWNLdiYQFEfi+pCkL2mRTY8vVLr+Q44='; style-src 'self' *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' *.intercomcdn.com *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net; img-src 'self' *.intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com *.linkedin.com www.google.com https://*.google-analytics.com https://*.googletagmanager.com data:; frame-src 'self' td.doubleclick.net
content-type
text/html
date
Thu, 14 Nov 2024 08:27:41 GMT
referrer-policy
strict-origin
server
CloudFront
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-id
ONK-slro7-UTR6oYNTN-ijVdsoakG7SYc2Sgzc76VC8D_WTFpbSwzA==
x-amz-cf-pop
FRA56-P5
x-cache
LambdaGeneratedResponse from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY

Redirect headers

cache-control
36000
content-length
0
date
Thu, 14 Nov 2024 08:27:42 GMT
location
https://www.nelnetbank.slr.sparrowtest.com/
referrer-policy
strict-origin
server
AmazonS3
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 43244f77affffa1d8942dd025413b8d8.cloudfront.net (CloudFront)
x-amz-cf-id
-C_37b3uo-B1Vu8DEp8jAonCDJDJDPMshREGqopwbGGYXFFET1T9FQ==
x-amz-cf-pop
FRA60-P10
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
css2
fonts.googleapis.com/ 		8 KB
1 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css2?family=Mate&family=Oswald:wght@600;700&family=PT+Sans:wght@400;700&display=swap
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:831::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
729b4931457b15d335860cf1a2d9d3613e40f3c1deb0367c781d32303cdb3e79
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Thu, 14 Nov 2024 08:27:41 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:41 GMT
content-type
text/css; charset=utf-8
vary
Sec-Fetch-Dest, Sec-Fetch-Mode, Sec-Fetch-Site
last-modified
Thu, 14 Nov 2024 08:27:41 GMT
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31536000
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
cross-origin-resource-policy
cross-origin
access-control-allow-origin
*
x-xss-protection
0
server
ESF
index-BrD-iuFc.js
www.nelnetbank.slr.sparrowtest.com/assets/ 		2 MB
608 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/index-BrD-iuFc.js
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e86c9ac3be37614df8f5981e23bc1952a5598265bc48839004eb3aa2575de844
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
etag
W/"3f24b9a59705169d241b90b8b5bd0716"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
8kZAprBgRf9wKiMXFAQXTiack86tNxF17dG6eQOdX_xGnmGCX2dMrg==
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
application/javascript
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
index-BYqIiPQ6.css
www.nelnetbank.slr.sparrowtest.com/assets/ 		156 KB
29 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
25a23f99d58e3cdecf7c148aa921a390b283666aeccc09e1fb7932ccdb219d92
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
etag
W/"7347149350beb05291491b0da739fe35"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
I6K53nDq3UrVIlJnPOJLDDYFtwA7BJNdCg8hnIn5J4ufRyHf3791iA==
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
text/css
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
gtm.js
www.googletagmanager.com/ 		421 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
e3338269de86e285fc3a25a5043fc950ec056868d929237281dfe2d30e0dc3be
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Thu, 14 Nov 2024 08:27:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 14 Nov 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
133746
x-xss-protection
0
server
Google Tag Manager
fs.js
edge.fullstory.com/s/ 		286 KB
78 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9c3a508b6f8a33e1f9f7e964c6f70e2c364bb836d69ad40912a873f4a30be96f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding
br
x-goog-hash
crc32c=i5SFWQ==, md5=dchxFTsSf6lAYIskBmwaVA==
etag
"75c871153b127fa940608b24066c1a54"
age
44
x-goog-stored-content-encoding
br
expires
Thu, 14 Nov 2024 09:26:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
79062
date
Thu, 14 Nov 2024 08:26:57 GMT
last-modified
Wed, 13 Nov 2024 17:23:07 GMT
content-type
application/javascript
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY2gnEIGdVyk41-ldO08D6tead1qJ5qcCCj0V-1JmAC09KrSslvWWn45Vsqg4KI8wl8VDZhA4a5xfg
cache-control
public, max-age=3600,no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1731518587389058
content-length
79062
server
UploadServer
web
edge.fullstory.com/s/settings/BB4ET/v1/ 		13 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/settings/BB4ET/v1/web
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
b8c093e6f421e3e70117b9b6bc33ed5b4cdfbd6cf1a1c8fdedbf38e6c441b9bc

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding
gzip
x-goog-hash
crc32c=2qnAMw==, md5=3nkp95ZLecTN9U69hQ3ajw==
etag
"de7929f7964b79c4cdf54ebd850dda8f"
x-goog-stored-content-encoding
gzip
expires
Thu, 14 Nov 2024 08:42:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
1792
date
Thu, 14 Nov 2024 08:27:42 GMT
last-modified
Thu, 14 Nov 2024 08:25:39 GMT
content-type
application/json
x-guploader-uploadid
AHmUCY2Jc8N1CmqpIqNsDEwP6cHp2AD_jssCy0nRf2QSizN8qKpslRk64RIglDC67yxH_EYD0Sk5CvYPPw
cache-control
public,max-age=900,no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1731572739851022
content-length
1792
server
UploadServer
collect
www.google.com/ccm/ 		0
0 		Ping
General
Check archive.org
Download Go to
Full URL
https://www.google.com/ccm/collect?en=page_view&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&scrsrc=www.googletagmanager.com&frm=0&rnd=2140369745.1731572862&auid=1585638466.1731572862&npa=1&gtm=45He4bc0v833140375za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067554~102067807~102077855&tft=1731572862244&tfd=1159&apve=1
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.186.100 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s06-in-f4.1e100.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers
js
www.googletagmanager.com/gtag/ 		409 KB
131 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
8cc69d7376704c587dc18797f07d562f89dbd22c39a5a6bb70661ed161b1950b
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 14 Nov 2024 08:27:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
134163
x-xss-protection
0
server
Google Tag Manager
otSDKStub.js
cdn.cookielaw.org/scripttemplates/ 		22 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5
Vo/d0f3ZefkwyML/PnJnjg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8DD03B52B60A337
x-ms-lease-status
unlocked
cf-cache-status
HIT
age
16975
x-content-type-options
nosniff
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript
last-modified
Wed, 13 Nov 2024 07:31:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
8676ee84-f01e-0019-699f-35bfe2000000
cf-ray
8e259fb5dc2dbb7f-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
7212
x-ms-blob-type
BlockBlob
server
cloudflare
destination
www.googletagmanager.com/gtag/ 		283 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/destination?id=AW-541544738&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:827::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1188e0213d8d7fb1a53647b398a1280cce9edde25e71d1d8689ad4673f5501f9
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcysghrgc:42:0"}],}
expires
Thu, 14 Nov 2024 08:27:42 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 14 Nov 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcysghrgc:42:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
99714
x-xss-protection
0
server
Google Tag Manager
bat.js
bat.bing.com/ 		50 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
gzip
etag
"028e0691d20db1:0"
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: DC5B485D78F349CE8C81041E8AA633F6 Ref B: LON212050701033 Ref C: 2024-11-14T08:27:42Z
accept-ranges
bytes
x-cache
CONFIG_NOCACHE
content-length
14570
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript
last-modified
Wed, 16 Oct 2024 22:47:44 GMT
vary
Accept-Encoding
insight.min.js
snap.licdn.com/li.lms-analytics/ 		40 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://snap.licdn.com/li.lms-analytics/insight.min.js
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2a02:26f0:3500:10::210:a9a Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
/
Resource Hash
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control
max-age=64820
content-encoding
gzip
x-cdn
AKAM
x-content-type-options
nosniff
accept-ranges
bytes
content-length
14628
date
Thu, 14 Nov 2024 08:27:42 GMT
last-modified
Thu, 22 Aug 2024 10:43:55 GMT
content-type
application/javascript;charset=utf-8
vary
Accept-Encoding
x-amz-server-side-encryption
AES256
evergage.min.js
cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/ 		0
0
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
age
3455
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:225:0"}],}
x-content-type-options
nosniff
expires
Thu, 14 Nov 2024 09:30:07 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 07:30:07 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
content-type
text/javascript
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:225:0
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
20994
server
Golfe2
truncated
/ Frame AE3C 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame AE3C 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
499aa82b-54fa-47f1-a6f3-e08d213f8337.json
cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/ 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/499aa82b-54fa-47f1-a6f3-e08d213f8337.json
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2cf210fd84fd02e9dd57208fdec607d5dbea51d3b7eee241ef042d359e51b9c1
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5
1EorCQ8AS0h4XDu7bpKumw==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
REVALIDATED
etag
0x8DC7A9CE49F587D
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 08:27:42 GMT
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/json
last-modified
Wed, 22 May 2024 20:22:24 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
e5609716-701e-0021-471f-35febb000000
cf-ray
8e259fb71997dc52-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
1518
x-ms-blob-type
BlockBlob
server
cloudflare
fbevents.js
connect.facebook.net/en_US/ 		239 KB
61 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-QuroKaI8' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-QuroKaI8' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=23, mss=1232, tbw=4442, tp=9, tpl=0, uplat=0, ullat=-1
pragma
public
x-fb-debug
1b+fb2Bsc5EkPCzt3V6FQe88vX+Mx/qGeS1gji7cu/sCL+t9pU4KDYhrG6y8XVPveRKy0JxriRquhlWXeVsdeQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
content-length
62107
x-xss-protection
0
origin-agent-cluster
?1
spx
dx.mountain.com/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://dx.mountain.com/spx?dxver=4.0.0&shaid=37208&tdr=&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&cb=29769847530831010term=value
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.7.151.245 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-7-151-245.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
1594fe05c1682143228f88a5e3793446893b1d77c2ccb2834c15a63fed6f31fa

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

transfer-encoding
chunked
content-encoding
gzip
x-envoy-upstream-service-time
1
expires
Thu, 01 Jan 1970 00:00:00 GMT
be
spx-prod
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript;charset=utf-8
vary
origin,access-control-request-method,access-control-request-headers,accept-encoding
server
istio-envoy
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je4bc0v9100074456z8833140375za200zb833140375&_p=1731572861861&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102077855&cid=1716270003.1731572863&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1731572862&sct=1&seg=0&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&dt=Nelnet%20Bank&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=1462
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
568 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-E85CJLWCP7&cid=1716270003.1731572863&gtm=45je4bc0v9100074456z8833140375za200zb833140375&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102077855
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-E85CJLWCP7&l=dataLayer&cx=c&gtm=45He4bc0v833140375za200
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c0d::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.de/ads/ 		0
0
attribution_trigger
px.ads.linkedin.com/ 		2 B
815 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/attribution_trigger?pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

x-li-pop
afd-prod-ltx1-x
content-encoding
gzip
x-fs-uuid
000626db3964bf1a4b18a6dbfc901f2a
x-msedge-ref
Ref A: 86D42C778A654883A98332979BBD5C6E Ref B: DUS30EDGE0713 Ref C: 2024-11-14T08:27:42Z
x-li-fabric
prod-ltx1
x-restli-protocol-version
1.0.0
access-control-allow-methods
GET, OPTIONS
x-li-uuid
AAYm2zlkvxpLGKbb/JAfKg==
x-li-proto
http/2
access-control-allow-origin
*
x-cache
CONFIG_NOCACHE
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/json
access-control-allow-headers
*
collect
px4.ads.linkedin.com/
Redirect Chain
  • https://px.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F
  • https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&e_ipv6=AQLxRfPgz93WXAAAAZMpyQ99nmSdtTU9c34TiQRDWhsWCk_LIu-UWaN...
0
265 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&e_ipv6=AQLxRfPgz93WXAAAAZMpyQ99nmSdtTU9c34TiQRDWhsWCk_LIu-UWaNI9wDopNI1YjNUMI8
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Server
13.107.42.14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 4EE7E491F9264FAFABE568652776FB9A Ref B: FRAEDGE1305 Ref C: 2024-11-14T08:27:43Z
x-li-fabric
prod-lva1
x-li-uuid
AAYm2zlofYEQHql3Bz0MLg==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript

Redirect headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
location
https://px4.ads.linkedin.com/collect?v=2&fmt=js&pid=2735348&time=1731572862575&url=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&e_ipv6=AQLxRfPgz93WXAAAAZMpyQ99nmSdtTU9c34TiQRDWhsWCk_LIu-UWaNI9wDopNI1YjNUMI8
x-msedge-ref
Ref A: 1DC4D129C24242B58BB0438856015253 Ref B: FRAEDGE2019 Ref C: 2024-11-14T08:27:42Z
x-li-fabric
prod-lva1
x-li-uuid
AAYm2zlkaZ99+TzbJ7251Q==
x-li-proto
http/2
x-cache
CONFIG_NOCACHE
content-length
0
date
Thu, 14 Nov 2024 08:27:42 GMT
collect
www.google-analytics.com/j/ 		15 B
448 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1233822027&t=pageview&_s=1&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&ul=de-de&de=UTF-8&dt=Nelnet%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACAABBAAAACAEC~&jid=2090708240&gjid=194105469&cid=1716270003.1731572863&tid=UA-180194408-1&_gid=925792397.1731572863&_r=1&_slc=1&gtm=45He4bc0n815Z2DDNRv833140375za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067554~102067807~102077855&npa=1&z=199362948
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
5cbf1455bbcabfd9a9a069e1d46f48f491347737ab6990f926d5cba7ac25850a
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:175:0"}],}
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:42 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
text/plain
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:175:0
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
15
server
Golfe2
collect
www.google-analytics.com/ 		35 B
345 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=1233822027&t=event&ni=1&_s=1&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&ul=de-de&de=UTF-8&dt=Nelnet%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=scroll%20depth&ea=%25&el=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&_u=aCHACAABBAAAACAEC~&jid=&gjid=&cid=1716270003.1731572863&tid=UA-180194408-1&_gid=925792397.1731572863&gtm=45He4bc0n815Z2DDNRv833140375za200&gcd=13l3l3l2l1l1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067554~102067807~102077855&npa=1&z=1370199535
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:800::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

age
60969
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsgac:163:0"}],}
x-content-type-options
nosniff
expires
Mon, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Wed, 13 Nov 2024 15:31:33 GMT
last-modified
Sun, 17 May 1998 03:00:00 GMT
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsgac:163:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
35
server
Golfe2
136025897.js
bat.bing.com/p/action/ 		363 B
415 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/136025897.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:33:2::10 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
a1fec7acc9e28feaa2280cd08d30cab4cac8e9557fb8fb35ab6ffcd1e28fade8
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
private,max-age=1800
content-encoding
br
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: EF552DA9F7144CE5A75DBCFDDFCCDCBD Ref B: LON212050701033 Ref C: 2024-11-14T08:27:42Z
x-cache
CONFIG_NOCACHE
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript; charset=utf-8
vary
Accept-Encoding
5669557999823491
connect.facebook.net/signals/config/ 		69 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/5669557999823491?v=2.9.176&r=stable&domain=www.nelnetbank.slr.sparrowtest.com&hme=872f04a0547459b3285cb03b0d7a47bfde40628f4b386809918a621e2688602f&ex_m=70%2C121%2C107%2C111%2C61%2C4%2C100%2C69%2C16%2C97%2C89%2C51%2C54%2C172%2C175%2C187%2C183%2C184%2C186%2C29%2C101%2C53%2C77%2C185%2C167%2C170%2C180%2C181%2C188%2C131%2C41%2C189%2C190%2C34%2C143%2C15%2C50%2C195%2C194%2C133%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C93%2C17%2C14%2C96%2C92%2C91%2C108%2C52%2C110%2C39%2C109%2C30%2C94%2C26%2C168%2C171%2C140%2C86%2C56%2C84%2C33%2C73%2C0%2C95%2C32%2C28%2C82%2C83%2C88%2C47%2C46%2C87%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C102%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C104%2C103%2C105%2C98%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C90%2C81%2C44%2C35%2C85%2C2%2C36%2C63%2C42%2C106%2C45%2C79%2C68%2C112%2C60%2C59%2C31%2C99%2C58%2C55%2C49%2C78%2C72%2C24%2C113
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.1 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
xx-fbcdn-shv-02-fra5.fbcdn.net
Software
/
Resource Hash
2cebfaa1a65eaf1ce0029bf83a194c77bee98eaf7c6fa48ae2a18e2ea87e9bc2
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-tgbiZIfH' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/x-javascript; charset=utf-8
vary
Accept-Encoding
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=31536000; preload; includeSubDomains
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src 'nonce-tgbiZIfH' *.fbcdn.net *.facebook.net blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cache-control
public, max-age=1200
timing-allow-origin
*
cross-origin-opener-policy
same-origin-allow-popups
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=44, rtx=0, c=77, mss=1232, tbw=70360, tp=66, tpl=0, uplat=135, ullat=0
pragma
public
x-fb-debug
8q+wotIM0bS/FbfIk6ywBwrzcWgOb8S+HPw0OQAFBIjRRruFqlVSnn4BzR2H8TTwevaKGjZz27hXuMjDDVohyQ==
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?1
js
www.googletagmanager.com/gtag/ 		0
0
otBannerSdk.js
cdn.cookielaw.org/scripttemplates/6.9.0/ 		341 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.9.0/otBannerSdk.js
Requested by
Host: cdn.cookielaw.org
URL: https://cdn.cookielaw.org/scripttemplates/otSDKStub.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0a7830da379aef49b3b3fbfc95e22edb88bc29a7dcaaee81f68a2d4ffdc42b48
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5
56jOXvghU3RiFIKiZ2Zh+g==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
x-ms-lease-status
unlocked
cf-bgj
minify
cf-cache-status
HIT
x-ms-version
2009-09-19
age
20993
content-encoding
gzip
x-content-type-options
nosniff
cf-polished
origSize=349017
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/javascript
last-modified
Fri, 20 Nov 2020 16:34:12 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
395cacfc-501e-00fa-1b66-255a6d000000
cf-ray
8e259fb81e13bb7f-FRA
access-control-allow-origin
*
x-ms-blob-type
BlockBlob
server
cloudflare
page
rs.fullstory.com/rec/ 		1 KB
850 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/page
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
a8d106c860b2731ec5a13b381a9ac890a2bff2822c36d2034f9d53cc2cf15321

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
access-control-allow-credentials
true
via
1.1 google
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
655
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/json; charset=utf-8
0
bat.bing.net/action/ 		0
0
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=5669557999823491&ev=PageView&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com&rl=&if=false&ts=1731572862854&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12316&fbp=fb.1.1731572862851.7537704923688037&pm=1&hrl=ae1ffb&ler=empty&cdl=API_unavailable&it=1731572862630&coo=false&cs_cc=1&cas=7085164444926293%2C6986335164826165&rqm=GET
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=43, rtx=0, c=23, mss=1232, tbw=4487, tp=10, tpl=0, uplat=0, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
199 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=5669557999823491&ev=PageView&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com&rl=&if=false&ts=1731572862854&sw=1600&sh=1200&v=2.9.176&r=stable&ec=0&o=12316&fbp=fb.1.1731572862851.7537704923688037&pm=1&hrl=ae1ffb&ler=empty&cdl=API_unavailable&it=1731572862630&coo=false&cs_cc=1&cas=7085164444926293%2C6986335164826165&rqm=FGET
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7437048813327377220"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
rtdi0taR1FP+tu+TJAcqkSvMQsvmGTUs7hClnF7RhKSckPzOlGXw73fd/5RgKEN0/ZauGI/iCy1CKtDhbauGTg==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7437048813327377220", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=42, rtx=0, c=23, mss=1232, tbw=4855, tp=13, tpl=0, uplat=182, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
en.json
cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/f3a72441-cbec-484c-9e4d-b4b598b959f2/ 		83 KB
18 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/consent/499aa82b-54fa-47f1-a6f3-e08d213f8337/f3a72441-cbec-484c-9e4d-b4b598b959f2/en.json
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fed8976f8267731abcd84353ce8d211fd7b654322572680e463e3a56712f0e50
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5
rQYOn8HBZ7Xqi0CqCBAWzQ==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
cf-cache-status
REVALIDATED
etag
0x8DC7A9CE7FC2FF6
x-ms-lease-status
unlocked
x-ms-version
2009-09-19
x-content-type-options
nosniff
expires
Fri, 15 Nov 2024 08:27:42 GMT
date
Thu, 14 Nov 2024 08:27:42 GMT
content-type
application/json
last-modified
Wed, 22 May 2024 20:22:30 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
public, max-age=86400
cross-origin-resource-policy
cross-origin, cross-origin
x-ms-request-id
907bcf43-401e-004f-771f-355792000000
cf-ray
8e259fb91d85dc52-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
18714
x-ms-blob-type
BlockBlob
server
cloudflare
otFlat.json
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 		13 KB
4 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otFlat.json
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5
nLr4hEi4fuLY/p0DQsLcMA==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D88D721792550E
x-ms-lease-status
unlocked
cf-cache-status
REVALIDATED
x-content-type-options
nosniff
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
application/json
last-modified
Fri, 20 Nov 2020 16:34:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
07ceb578-801e-00d1-011f-352ed5000000
cf-ray
8e259fb9ff26dc52-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
3343
x-ms-blob-type
BlockBlob
server
cloudflare
otPcCenter.json
cdn.cookielaw.org/scripttemplates/6.9.0/assets/ 		62 KB
15 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.cookielaw.org/scripttemplates/6.9.0/assets/otPcCenter.json
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6812:572a , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-md5
ue/MTNcIjSCNWtleQfbrzg==
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Last-Modified,ETag,Content-MD5,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding
content-encoding
gzip
x-ms-version
2009-09-19
etag
0x8D88D7217E98574
x-ms-lease-status
unlocked
cf-cache-status
MISS
x-content-type-options
nosniff
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
application/json
last-modified
Fri, 20 Nov 2020 16:34:03 GMT
vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=86400
cross-origin-resource-policy
cross-origin
x-ms-request-id
0dea05d7-701e-00ed-5f6f-369a0e000000
cf-ray
8e259fb9ff28dc52-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
14986
x-ms-blob-type
BlockBlob
server
cloudflare
fs.js
edge.fullstory.com/s/ Frame BF0C 		286 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://edge.fullstory.com/s/fs.js
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.201.112.186 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
186.112.201.35.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
9c3a508b6f8a33e1f9f7e964c6f70e2c364bb836d69ad40912a873f4a30be96f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer

Response headers

x-goog-metageneration
1
access-control-expose-headers
Content-Length, Date, Server, Transfer-Encoding, X-GUploader-UploadID, X-Google-Trace
content-encoding
br
x-goog-hash
crc32c=i5SFWQ==, md5=dchxFTsSf6lAYIskBmwaVA==
etag
"75c871153b127fa940608b24066c1a54"
age
44
x-goog-stored-content-encoding
br
expires
Thu, 14 Nov 2024 09:26:57 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-goog-stored-content-length
79062
date
Thu, 14 Nov 2024 08:26:57 GMT
last-modified
Wed, 13 Nov 2024 17:23:07 GMT
content-type
application/javascript
vary
Accept-Encoding
x-guploader-uploadid
AHmUCY2gnEIGdVyk41-ldO08D6tead1qJ5qcCCj0V-1JmAC09KrSslvWWn45Vsqg4KI8wl8VDZhA4a5xfg
cache-control
public, max-age=3600,no-transform
x-goog-storage-class
MULTI_REGIONAL
accept-ranges
bytes
access-control-allow-origin
*
x-goog-generation
1731518587389058
content-length
79062
server
UploadServer
BasierCircle-Regular-kuEpW37U.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-Regular-kuEpW37U.woff2
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
bc27ad01d2f8eb11cfdb80ff708214db38c85a0e039f772a282a8757b0230193
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"43deb08ceb3cdc04cb644394052e8b66"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
rEzSYdfBNFfq3PVp5bA4zb5KUpLpPcu1GGGwSc7a9yMF8rYxCrm_rg==
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
binary/octet-stream
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
17552
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
BasierCircle-Bold-BRwEG-Yr.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 		17 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-Bold-BRwEG-Yr.woff2
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
6e05ff1a7ed11597c87b4df200fb58a0dac512021bd03a3b52ee41f64ce69846
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"2104effc36d9963b5763a035b2b4d8c2"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
tReOXNjsAugrsDXarhBVgrKjHot7koRf7O3oo1Hy0zQt3pZUS98LWQ==
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
binary/octet-stream
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
17800
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
BasierCircle-SemiBold-DG-qiOZi.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-SemiBold-DG-qiOZi.woff2
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3a4cc28baf83799e86168d5f90ea9a7544b593042e90e6b0ef2cb3ce15363d96
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"6cf2b070a29ee4540f10ffca7d8f0e57"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
kz0WROQgRheoZhm4EXZSQddL9ai-fJBu1zOpGDzUhgHl_UaFpwgi9Q==
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
binary/octet-stream
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
18304
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
BasierCircle-Medium-Bs0rI2ah.woff2
www.nelnetbank.slr.sparrowtest.com/assets/ 		18 KB
18 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/BasierCircle-Medium-Bs0rI2ah.woff2
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
efa9095d7835cec77935c57cf99e63942bcda1a59e487ae23523647d8f8c270e
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"99ef4d64ac4301d9c452b74e81f235af"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
oNu_CCix0Zt_axm9JPI5Lk56rcSBt48ARvBovR1w4Gm90FM8i6jcrg==
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
binary/octet-stream
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
18256
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
icomoon-BXBee3-m.ttf
www.nelnetbank.slr.sparrowtest.com/assets/ 		19 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/icomoon-BXBee3-m.ttf?qubszx
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BYqIiPQ6.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
561eacd7a78089616588e8c34af06cce4d7592f578f62d2db2ebb66596483051
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Origin
https://www.nelnetbank.slr.sparrowtest.com
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"93e0dc57cf80c039510a4b929f8699ee"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
DM9HzTEj3AlTaX9V7qWudMNaQNKObyVh6FDfqMDXgXJbS13OJ4xqxw==
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
binary/octet-stream
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
19396
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
/
www.facebook.com/tr/ 		0
16 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=5669557999823491&ev=PageView&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com&rl=&if=false&ts=1731572863656&sw=1600&sh=1200&v=2.9.176&r=stable&ec=1&o=12316&fbp=fb.1.1731572862851.7537704923688037&pm=1&hrl=2c8521&ler=empty&cdl=API_unavailable&it=1731572862630&coo=false&cs_cc=1&cas=7085164444926293%2C6986335164826165&rqm=GET
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=49, rtx=0, c=26, mss=1232, tbw=7815, tp=20, tpl=0, uplat=1, ullat=0
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
access-control-allow-origin
alt-svc
h3=":443"; ma=86400
content-length
0
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
text/plain
server
proxygen-bolt
priority
u=3,i
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=5669557999823491&ev=PageView&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com&rl=&if=false&ts=1731572863656&sw=1600&sh=1200&v=2.9.176&r=stable&ec=1&o=12316&fbp=fb.1.1731572862851.7537704923688037&pm=1&hrl=2c8521&ler=empty&cdl=API_unavailable&it=1731572862630&coo=false&cs_cc=1&cas=7085164444926293%2C6986335164826165&rqm=FGET
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
157.240.253.35 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
edge-star-mini-shv-02-fra5.facebook.com
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
zstd
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7437048817545091698"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
x-content-type-options
nosniff
expires
Sat, 01 Jan 2000 00:00:00 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
image/png
vary
Accept-Encoding
x-fb-debug
VG8IFmkD3fmak1q9kYEu8k3lQ+wTCQiewwCsLR9CvxUy/5O4jSTSRJqrm1FEXb5EvE0+8Nze4c4B77qXIWVWjg==
priority
u=3,i
x-frame-options
DENY
strict-transport-security
max-age=15552000; preload
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7437048817545091698", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com *.facebook.com *.fbcdn.net;script-src *.facebook.com *.fbcdn.net 'unsafe-inline' blob: data: 'self' 'wasm-unsafe-eval';style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline';connect-src *.facebook.com facebook.com *.fbcdn.net wss://*.facebook.com:* wss://*.fbcdn.net attachment.fbsbx.com blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ *.fbsbx.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net blob: android-webview-video-poster: *.oculuscdn.com https://paywithmybank.com/ https://*.paywithmybank.com/;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data:;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;
cache-control
private, no-store, no-cache, must-revalidate
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=49, rtx=0, c=26, mss=1232, tbw=8007, tp=22, tpl=0, uplat=39, ullat=0
cross-origin-opener-policy
same-origin-allow-popups
pragma
no-cache
cross-origin-resource-policy
cross-origin
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
document-policy
force-load-at-top
x-xss-protection
0
origin-agent-cluster
?0
logo-_0_dPQwB.png
www.nelnetbank.slr.sparrowtest.com/assets/ 		103 KB
104 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nelnetbank.slr.sparrowtest.com/assets/logo-_0_dPQwB.png
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
422089279a8d45dacd36064f612cfb1215a1e5186686a3da70ac577807a21ee4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"717e09807be349740177a1b5465b5596"
x-content-type-options
nosniff
x-cache
Miss from cloudfront
x-amz-cf-id
AvNopuFr61OI2cMphWqxDxghBhWfgziShLmW9EubsvZo8iBaDiHsdA==
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
image/png
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
105663
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
truncated
/ 		1018 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
4fc817364277ef9c6b2de3747b0f9a06c5e91696eb304cd3b025f0ac5fc1b858

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
truncated
/ 		736 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
3883e9c7bd01cd5c2f70a3a90f7efbdd848b72f099651ef2caff00257cceda63

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ 		4 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
ea16d67ed8233e371bfa427a71e4576c39e87ed45123738b53b94c31b5f95779

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/svg+xml
1f1fa-1f1f8.svg
cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/ 		2 KB
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cdnjs.cloudflare.com/ajax/libs/twemoji/14.0.2/svg/1f1fa-1f1f8.svg
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.17.25.14 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
1feca2279a6e78133bf577b99e4f3e82896622c255d29017cec5f5cfa93e4d16
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cf-cdnjs-via
cfworker/kv
content-encoding
br
cf-cache-status
HIT
etag
"659a11a8-2a0"
age
54647
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=0CL2OObKmIeaAaWzcaAhK5dNcfOmaHbv8oGsaDopUABmraQxiHen9qBjSt63WS%2FGpnIS0dw1d7Z3yfiuXkVqApU%2BP7N19OVH34Ck865R6kGnwEm4dHcPcoKBUHcERY2vK39IhWAx"}],"group":"cf-nel","max_age":604800}
x-content-type-options
nosniff
expires
Tue, 04 Nov 2025 08:27:43 GMT
alt-svc
h3=":443"; ma=86400
date
Thu, 14 Nov 2024 08:27:43 GMT
content-type
image/svg+xml; charset=utf-8
last-modified
Sun, 07 Jan 2024 03:51:20 GMT
vary
Accept-Encoding
strict-transport-security
max-age=15780000
cache-control
public, max-age=30672000
timing-allow-origin
*
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
cross-origin-resource-policy
cross-origin
cf-ray
8e259fbfac0b9f48-FRA
accept-ranges
bytes
access-control-allow-origin
*
content-length
672
server
cloudflare
/
px.ads.linkedin.com/wa/ 		0
209 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://px.ads.linkedin.com/wa/
Requested by
Host: snap.licdn.com
URL: https://snap.licdn.com/li.lms-analytics/insight.min.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:21::14 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://www.nelnetbank.slr.sparrowtest.com/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Accept
*
Content-Type
text/plain;charset=UTF-8

Response headers

linkedin-action
1
x-li-pop
afd-prod-lva1-x
x-msedge-ref
Ref A: 1BDF85DA693E4E85843485ABF22D2D82 Ref B: FRAEDGE2019 Ref C: 2024-11-14T08:27:43Z
x-li-fabric
prod-lva1
access-control-allow-credentials
true
x-li-uuid
AAYm2zl085T2UtKFjJbd9Q==
x-li-proto
http/2
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
x-cache
CONFIG_NOCACHE
date
Thu, 14 Nov 2024 08:27:43 GMT
vary
Origin
st
px.mountain.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=1716270003.1731572863&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%221716270003.1731572863%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221716270003.1731572863%22%2C%22dcm_gid%22%3A%22925792397.1731572863%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1716270003.1731572863&dcm_gid=925792397.1731572863&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&cb=29769847530831010term%3Dvalue
Requested by
Host: dx.mountain.com
URL: https://dx.mountain.com/spx?dxver=4.0.0&shaid=37208&tdr=&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&cb=29769847530831010term=value
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.42.124.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-124-195.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
735773da1250507d5b88e337afe2e361dd0151772a10f3a4ee715c9a48fa0a3f

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

transfer-encoding
chunked
content-encoding
gzip
x-envoy-upstream-service-time
2
connection
close
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date
Thu, 14 Nov 2024 08:27:44 GMT
content-type
application/javascript;charset=utf-8
server
istio-envoy
icon-close-all-colors.svg
www.nelnet.net/marketingprod/email/images/ 		866 B
1 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.nelnet.net/marketingprod/email/images/icon-close-all-colors.svg
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/prequalification/about-you
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
216.69.100.142 , United States, ASN (),
Reverse DNS
Software
/
Resource Hash
e5bbda35e57164f61f8b55537e15923c87ee6dfecdfb7b1739c5e950ccd2ab85
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
X-Robots-Tag
noindex
ETag
"8084ecb94843d61:0"
Accept-Ranges
bytes
Content-Length
866
Date
Thu, 14 Nov 2024 08:27:44 GMT
Content-Type
image/svg+xml
Last-Modified
Mon, 15 Jun 2020 19:11:09 GMT
gs
gs.mountain.com/ 		144 B
733 B 		Script
General
Check archive.org
Download Go to
Full URL
https://gs.mountain.com/gs
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=1716270003.1731572863&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%221716270003.1731572863%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221716270003.1731572863%22%2C%22dcm_gid%22%3A%22925792397.1731572863%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1716270003.1731572863&dcm_gid=925792397.1731572863&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&cb=29769847530831010term%3Dvalue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
35.81.162.201 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-35-81-162-201.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
5db4c2c391bd9a158745e2b17ede8cf5c1a45be1395337a91e50df9d2e7f235d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control
public, max-age=31536000
x-envoy-upstream-service-time
1
connection
close
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
x-application-context
application:prod:8080
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date
Thu, 14 Nov 2024 08:27:45 GMT
content-length
144
content-type
application/javascript;charset=utf-8
last-modified
Thu, 01 Jan 1970 00:00:00 GMT
server
istio-envoy
access-control-allow-headers
Accept, Content-Type, x-requested-with, X-Custom-Header
v2
rs.fullstory.com/rec/bundle/ 		29 B
43 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=35b45f2b-0990-4060-9f2f-382061b8292b&SessionId=c84222dc-3916-48e4-a131-b034ecce1e78&PageId=c162cd25-b80e-4efe-8d8c-c35d0a5399b1&Seq=1&ClientTime=1731572865538&CompiledVersion=0e8b110ed51dbda96d9e20c9428442057807890d&PageStart=1731572863008&PrevBundleTime=0&LastActivity=1268&IsNewSession=true&ContentEncoding=gzip
Requested by
Host: edge.fullstory.com
URL: https://edge.fullstory.com/s/fs.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
35.186.194.58 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
58.194.186.35.bc.googleusercontent.com
Software
/
Resource Hash
541453357107ac7a4df0a342c240a68e85d940b973e1e3cb034bfbabfe0fa8ad

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

via
1.1 google
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
29
date
Thu, 14 Nov 2024 08:27:45 GMT
content-type
application/json; charset=utf-8
access-control-allow-credentials
true
st
px.mountain.com/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=1716270003.1731572863&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%221716270003.1731572863%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221716270003.1731572863%22%2C%22dcm_gid%22%3A%22925792397.1731572863%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1716270003.1731572863&dcm_gid=925792397.1731572863&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&cb=1731572864726298&shguid=85e20887-0fe9-30eb-b1ef-47f30179c051&shgts=1731572865622
Requested by
Host: px.mountain.com
URL: https://px.mountain.com/st?ga_tracking_id=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&ga_client_id=1716270003.1731572863&shpt=Nelnet%20Bank&ga_info=%7B%22status%22%3A%22OK%22%2C%22ga_tracking_id%22%3A%22G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1%22%2C%22ga_client_id%22%3A%221716270003.1731572863%22%2C%22shpt%22%3A%22Nelnet%20Bank%22%2C%22dcm_cid%22%3A%221716270003.1731572863%22%2C%22dcm_gid%22%3A%22925792397.1731572863%22%2C%22mntnis%22%3A%7B%7D%2C%22execution_workflow%22%3A%7B%22iteration%22%3A1%2C%22shpt%22%3A%22OK%22%2C%22dcm_cid%22%3A%22OK%22%2C%22dcm_gid%22%3A%22OK%22%7D%7D&dcm_cid=1716270003.1731572863&dcm_gid=925792397.1731572863&hardcoded_ga=G-E85CJLWCP7%3BG-LEV6TNB7HC%3BUA-180194408-1&dxver=4.0.0&shaid=37208&plh=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&cb=29769847530831010term%3Dvalue
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.42.124.195 Boardman, United States, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-52-42-124-195.us-west-2.compute.amazonaws.com
Software
istio-envoy /
Resource Hash
422b962aff597c5aca5f9c3aa114fcea7f3fda6abcad9584510b36b3eecd0f09

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

transfer-encoding
chunked
content-encoding
gzip
x-envoy-upstream-service-time
23
connection
close
access-control-allow-origin
*
p3p
CP="NON DSP COR NID CURa ADMa DEVa PSAa PSDa OUR STP UNI COM NAV INT STA PRE"
date
Thu, 14 Nov 2024 08:27:46 GMT
content-type
application/javascript;charset=utf-8
server
istio-envoy
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je4bc0v9100074456za200zb833140375&_p=1731572861861&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102077855&cid=1716270003.1731572863&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&sid=1731572862&sct=1&seg=0&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&dt=Nelnet%20Bank&_s=2&tfd=5321
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:46 GMT
content-type
text/plain
server
Golfe2
favicon.ico
www.nelnetbank.slr.sparrowtest.com/ 		923 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://www.nelnetbank.slr.sparrowtest.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.66.112.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-66-112-42.fra56.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
8442aba60307d45590ffff0bc7a330e3b50c856debf1149a1b178600457d419c
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

etag
"cb014465c1b9f63fbc4a11c6ce1b8e5d"
x-content-type-options
nosniff
x-cache
RefreshHit from cloudfront
x-amz-cf-id
8XcTKl7Ctz0ZwQRt-n_aeG8KcyFNA3xpXoyaa2Pa0smNvEdLyHX66Q==
date
Thu, 14 Nov 2024 08:27:47 GMT
content-type
image/vnd.microsoft.icon
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 20:12:34 GMT
x-frame-options
DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
36000
referrer-policy
strict-origin
via
1.1 fd080e20137c93d47ed43a67821248f0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
923
x-amz-cf-pop
FRA56-P5
server
AmazonS3
x-amz-server-side-encryption
AES256
v2
rs.fullstory.com/rec/bundle/ 		0
0
ffi98qsi
widget.intercom.io/widget/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://widget.intercom.io/widget/ffi98qsi
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/assets/index-BrD-iuFc.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.224.189.74 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
caec2cc5ff9c3e99b578e6e5370d89aa33918a98f5056ad55fb9281b20da35db

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

content-encoding
gzip
x-amz-version-id
_PoQ7ln94lIv15A69vfM4FJl_Hbwlj5D
etag
"988554a71f0a5f183fcd73acdff8b922"
age
239
alt-svc
h3=":443"; ma=86400
x-cache
Error from cloudfront
x-amz-cf-id
ledT9K4HLXPnHPNTZ-VH5aC40nhwoFKFWSpxk3jFbETvUtbLqR51zQ==
date
Thu, 14 Nov 2024 08:23:54 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding, Origin
last-modified
Wed, 13 Nov 2024 15:05:45 GMT
cache-control
max-age=300, s-maxage=300, public
cross-origin-resource-policy
cross-origin
via
1.1 42b60ee17f7593fff72ca1cb725d6c9a.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
2668
x-amz-cf-pop
FRA2-C1
server
AmazonS3
x-amz-server-side-encryption
AES256
frame-modern.824d1611.js
js.intercomcdn.com/ Frame 69B6 		471 KB
142 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/frame-modern.824d1611.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ffi98qsi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.19 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
0426e0e193805fea9bc375986cfc916bd60ef93c6ed703ede1254e10f624ae0a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
sEpU.oDOorblxpV8ucsrbKXrgbFA1vqv
etag
"474ef199e895de84f79af0e4280939ed"
age
4922
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
KY8jWA13LKHk9Ttl3y3L1z7BZYWrErjhUId1pquJb5MUJjhoIzZ5Pw==
date
Thu, 14 Nov 2024 07:05:49 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 15:03:15 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy
cross-origin
via
1.1 6c21a88f98dc05bf345d31b96407e6d0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
144924
x-amz-cf-pop
FRA56-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
vendor-modern.5c288613.js
js.intercomcdn.com/ Frame 69B6 		456 KB
145 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.intercomcdn.com/vendor-modern.5c288613.js
Requested by
Host: widget.intercom.io
URL: https://widget.intercom.io/widget/ffi98qsi
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.245.46.19 -, , ASN (),
Reverse DNS
Software
AmazonS3 /
Resource Hash
ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Referer

Response headers

content-encoding
gzip
x-amz-version-id
rif4mvb1wbjWaQ9.1VyoBz4QJ8qlO8rb
etag
"cfcbe890471af67f5140f9f36766a673"
age
1008
alt-svc
h3=":443"; ma=86400
x-cache
Hit from cloudfront
x-amz-cf-id
_qHJhseOAvbBONMCAnbpQTJa-5Xj5J6A_3n9TiISZcPwN3gnciGBhg==
date
Thu, 14 Nov 2024 08:11:03 GMT
content-type
application/javascript; charset=UTF-8
vary
accept-encoding
last-modified
Wed, 13 Nov 2024 15:03:16 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
cache-control
max-age=31536000, s-maxage=7200, public
cross-origin-resource-policy
cross-origin
via
1.1 6c21a88f98dc05bf345d31b96407e6d0.cloudfront.net (CloudFront)
accept-ranges
bytes
content-length
147369
x-amz-cf-pop
FRA56-P9
server
AmazonS3
x-amz-server-side-encryption
AES256
launcher_settings
api-iam.intercom.io/messenger/web/ Frame 69B6 		240 B
912 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/launcher_settings
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.824d1611.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.20.14.227 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
18b99350b2bacac3eee8ea7487c71767edaffb49d7eba620af986fd149b1bd74
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

x-request-id
0017m88ikrbfeon1ofe0
access-control-expose-headers
x-request-id
content-encoding
gzip
etag
W/"18b99350b2bacac3eee8ea7487c71767"
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
status
200 OK
date
Thu, 14 Nov 2024 08:27:50 GMT
content-type
application/json; charset=utf-8
vary
Accept,Accept-Encoding
x-runtime
0.025518
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556952; includeSubDomains; preload
x-request-queueing
0
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
x-xss-protection
1; mode=block
x-intercom-version
6f5d3b6ef728b766c38a9b4009c34a8f98be0b16
x-ami-version
ami-0d82ec08b45e6923b
server
nginx
ping
api-iam.intercom.io/messenger/web/ Frame 69B6 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.824d1611.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.20.14.227 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
28c23897d6283e7afb374d8e78da757bc2d18c07e8e4cc269257ecc0bd006af6
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

x-request-id
0000463efaert8bi1590
access-control-expose-headers
x-request-id
content-encoding
gzip
etag
W/"28c23897d6283e7afb374d8e78da757b"
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
status
200 OK
date
Thu, 14 Nov 2024 08:27:50 GMT
content-type
application/json; charset=utf-8
vary
Accept,Accept-Encoding
x-runtime
0.180663
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556952; includeSubDomains; preload
x-request-queueing
0
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
x-xss-protection
1; mode=block
x-intercom-version
6f5d3b6ef728b766c38a9b4009c34a8f98be0b16
x-ami-version
ami-0d82ec08b45e6923b
server
nginx
ping
api-iam.intercom.io/messenger/web/ Frame 69B6 		4 KB
2 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://api-iam.intercom.io/messenger/web/ping
Requested by
Host: js.intercomcdn.com
URL: https://js.intercomcdn.com/frame-modern.824d1611.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.20.14.227 -, , ASN (),
Reverse DNS
Software
nginx /
Resource Hash
2dff1c54bca805e6b304409b7defe74185931dc20e8fb578797c9010e42408bd
Security Headers
Name Value
Strict-Transport-Security max-age=31556952; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
application/x-www-form-urlencoded
Referer

Response headers

x-request-id
0001n3a7ri1kc2is9fb0
access-control-expose-headers
x-request-id
content-encoding
gzip
etag
W/"2dff1c54bca805e6b304409b7defe741"
access-control-allow-methods
POST, GET, OPTIONS
x-content-type-options
nosniff
status
200 OK
date
Thu, 14 Nov 2024 08:27:51 GMT
content-type
application/json; charset=utf-8
vary
Accept,Accept-Encoding
x-runtime
0.169765
access-control-allow-headers
Content-Type, Idempotency-Key, X-INTERCOM-APP, X-INTERCOM-PAGE-TITLE, X-INTERCOM-USER-DATA
x-frame-options
SAMEORIGIN
strict-transport-security
max-age=31556952; includeSubDomains; preload
x-request-queueing
0
cache-control
max-age=0, private, must-revalidate
access-control-allow-credentials
true
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
x-xss-protection
1; mode=block
x-intercom-version
6f5d3b6ef728b766c38a9b4009c34a8f98be0b16
x-ami-version
ami-0d82ec08b45e6923b
server
nginx
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-E85CJLWCP7&gtm=45je4bc0v9100074456z8833140375za200zb833140375&_p=1731572861861&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101925629~102067555~102077855&cid=1716270003.1731572863&ul=de-de&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&sid=1731572862&sct=1&seg=1&dl=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2Fprequalification%2Fabout-you&dr=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&dt=Nelnet%20Bank&_s=3&tfd=10323
Requested by
Host: www.nelnetbank.slr.sparrowtest.com
URL: https://www.nelnetbank.slr.sparrowtest.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
216.239.32.36 -, , ASN (),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/130.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://www.nelnetbank.slr.sparrowtest.com/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://www.nelnetbank.slr.sparrowtest.com
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 14 Nov 2024 08:27:51 GMT
content-type
text/plain
server
Golfe2
v2
rs.fullstory.com/rec/bundle/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
cdn.evgnet.com
URL
https://cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js
Domain
www.google.de
URL
https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-E85CJLWCP7&cid=1716270003.1731572863&gtm=45je4bc0v9100074456z8833140375za200zb833140375&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102077855&tag_exp=101925629~102067555~102077855&z=1372570045
Domain
www.googletagmanager.com
URL
https://www.googletagmanager.com/gtag/js?id=G-LEV6TNB7HC&cx=c&_slc=1
Domain
bat.bing.net
URL
https://bat.bing.net/action/0?ti=136025897&tm=gtm002&Ver=2&mid=9cc40645-6e16-41fe-91b5-74b8ec95f681&bo=2&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Nelnet%20Bank&p=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&r=&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=736585
Domain
rs.fullstory.com
URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=35b45f2b-0990-4060-9f2f-382061b8292b&SessionId=c84222dc-3916-48e4-a131-b034ecce1e78&PageId=c162cd25-b80e-4efe-8d8c-c35d0a5399b1&Seq=2&ClientTime=1731572868030&CompiledVersion=0e8b110ed51dbda96d9e20c9428442057807890d&PageStart=1731572863008&PrevBundleTime=1731572865658&LastActivity=3765&IsNewSession=true&ContentEncoding=gzip
Domain
rs.fullstory.com
URL
https://rs.fullstory.com/rec/bundle/v2?OrgId=BB4ET&UserId=35b45f2b-0990-4060-9f2f-382061b8292b&SessionId=c84222dc-3916-48e4-a131-b034ecce1e78&PageId=c162cd25-b80e-4efe-8d8c-c35d0a5399b1&Seq=2&ClientTime=1731572878030&CompiledVersion=0e8b110ed51dbda96d9e20c9428442057807890d&PageStart=1731572863008&PrevBundleTime=1731572865658&LastActivity=13764&IsNewSession=true&ContentEncoding=gzip

Verdicts & Comments Add Verdict or Comment

51 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| dataLayer string| _fs_host string| _fs_script string| _fs_org string| _fs_namespace function| FS string| _fs_loaded function| _fs_shutdown object| google_tag_manager function| postscribe object| google_tag_manager_external object| google_tag_data function| onYouTubeIframeAPIReady string| _linkedin_partner_id object| _linkedin_data_partner_ids function| autotrack string| GoogleAnalyticsObject function| ga function| OptanonWrapper function| fbq function| _fbq object| gaGlobal function| lintrk boolean| _already_called_lintrk object| gaplugins object| gaData function| UET function| UET_init function| UET_push object| ueto_2ebf173195 object| uetq object| OtTrustedType string| OnetrustActiveGroups string| OptanonActiveGroups object| otStubData object| Optanon object| OneTrust string| dcm_cid string| __reactRouterVersion number| __mobxInstanceCount object| __mobxGlobals object| regeneratorRuntime boolean| _pdfjsCompatibilityChecked object| __SENTRY__ function| Intercom object| intercomSettings object| ORIBILI object| irongate object| mntn

14 Cookies

Domain/Path Name / Value
.sparrowtest.com/ Name: _gcl_au
Value: 1.1.1585638466.1731572862
.sparrowtest.com/ Name: _ga
Value: GA1.1.1716270003.1731572863
.nelnetbank.slr.sparrowtest.com/ Name: _ga
Value: GA1.4.1716270003.1731572863
.nelnetbank.slr.sparrowtest.com/ Name: _gid
Value: GA1.4.925792397.1731572863
.nelnetbank.slr.sparrowtest.com/ Name: _gat_UA-180194408-1
Value: 1
.sparrowtest.com/ Name: _fbp
Value: fb.1.1731572862851.7537704923688037
.linkedin.com/ Name: bcookie
Value: "v=2&0696fedb-0f15-4219-8326-277a54f84a5f"
.linkedin.com/ Name: li_gc
Value: MTswOzE3MzE1NzI4NjI7MjswMjH43r/SeIgXQewkvzLhs1KlTGV5508N1SHSZ31WpeowKA==
.linkedin.com/ Name: lidc
Value: "b=VGST09:s=V:r=V:a=V:p=V:g=3043:u=1:x=1:i=1731572862:t=1731659262:v=2:sig=AQE7BaiJrxqXLdp6JjiMVVXRC2vFTi2-"
.sparrowtest.com/ Name: fs_lua
Value: 1.1731572862677
.sparrowtest.com/ Name: fs_uid
Value: #BB4ET#35b45f2b-0990-4060-9f2f-382061b8292b:c84222dc-3916-48e4-a131-b034ecce1e78:1731572862677::1#/1763108864
.mountain.com/ Name: guid
Value: 528d47eb-a262-11ef-8f44-bb85ae8b8c90
.px.mountain.com/ Name: tt
Value: H4sIAAAAAAAAAKtWKlOyMqoFAP609q8HAAAA
.sparrowtest.com/ Name: _ga_E85CJLWCP7
Value: GS1.1.1731572862.1.1.1731572866.56.0.0

28 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/
Message:
Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "frame-src 'self' td.doubleclick.net".
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security error URL: https://www.nelnetbank.slr.sparrowtest.com/
Message:
Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-E85CJLWCP7&cid=1716270003.1731572863&gtm=45je4bc0v9100074456z8833140375za200zb833140375&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101925629~102067555~102077855&tag_exp=101925629~102067555~102077855&z=1372570045' because it violates the following Content Security Policy directive: "img-src 'self' *.intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com *.linkedin.com www.google.com https://*.google-analytics.com https://*.googletagmanager.com data:".
security error URL: https://bat.bing.com/bat.js
Message:
Refused to connect to 'https://bat.bing.net/actionp/0?ti=136025897&tm=gtm002&Ver=2&mid=9cc40645-6e16-41fe-91b5-74b8ec95f681&bo=1&evt=consent&src=enforced&cdb=AQAI&asc=D' because it violates the following Content Security Policy directive: "connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net".
security error URL: https://www.nelnetbank.slr.sparrowtest.com/
Message:
Refused to load the image 'https://bat.bing.net/action/0?ti=136025897&tm=gtm002&Ver=2&mid=9cc40645-6e16-41fe-91b5-74b8ec95f681&bo=2&pi=918639831&lg=de-DE&sw=1600&sh=1200&sc=24&tl=Nelnet%20Bank&p=https%3A%2F%2Fwww.nelnetbank.slr.sparrowtest.com%2F&r=&evt=pageLoad&sv=1&asc=D&cdb=AQAY&rn=736585' because it violates the following Content Security Policy directive: "img-src 'self' *.intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com *.linkedin.com www.google.com https://*.google-analytics.com https://*.googletagmanager.com data:".
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security error URL: https://www.nelnetbank.slr.sparrowtest.com/(Line 15)
Message:
Refused to connect to 'https://3.212.39.155/is' because it violates the following Content Security Policy directive: "connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net".
javascript error URL: https://www.nelnetbank.slr.sparrowtest.com/(Line 15)
Message:
Refused to connect to 'https://3.212.39.155/is' because it violates the document's Content Security Policy.
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-5Z2DDNR(Line 533)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security error URL: https://bat.bing.com/bat.js
Message:
Refused to connect to 'https://bat.bing.net/actionp/0?ti=136025897&tm=gtm002&Ver=2&mid=9cc40645-6e16-41fe-91b5-74b8ec95f681&bo=3&evt=pageHide&asc=D' because it violates the following Content Security Policy directive: "connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy block-all-mixed-content; default-src 'self'; script-src 'nonce-ciZ0T3h8spuH/x+wCJYywQ==' 'strict-dynamic' 'self' widget.intercom.io *.intercomcdn.com cdnjs.cloudflare.com maps.googleapis.com *.fullstory.com https://*.googletagmanager.com bat.bing.com cdn.cookielaw.org connect.facebook.net snap.licdn.com cdn.evgnet.com/beacon/nelnetinc/nelnetbank/scripts/evergage.min.js www.google-analytics.com googleads.g.doubleclick.net *.sparrowtest.com 'sha256-XKl1DCtIkUBRvq1BiT9zIBS3ACWpsKjHNhFzq0JmE+c=' 'sha256-BibpoDGtLcqJmldHiTEJJaxae7rPNurFYXgWVCO4EVw=' 'sha256-Cp2zw0VJ1mIDeLf9E/9u2yfQ4K8yceNQMHk0BbUny8w=' 'sha256-PDHO0RDk4w5XlXMawrYw+4fVwJ5VvxjsZ0ocFGd3SzA=' 'sha256-zEF/ALwwDYV2nZ+rdYGh2XpjU1lbO3oZ2osZayOlmpw=' 'sha256-yxBn2Gp5NuqMNi7ReuwA3JbUbGjVKzk65Z2zsrps7Oc=' 'sha256-bvNubAaanvzctSH2Bj6ENjJoNk03JMpLZL4AeDGgepg=' 'sha256-F3Qj+IRGZEqGdWNLdiYQFEfi+pCkL2mRTY8vVLr+Q44='; style-src 'self' *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com 'unsafe-inline'; font-src 'self' *.intercomcdn.com *.sparrowtest.com *.sparrowfi.com fonts.googleapis.com fonts.gstatic.com; connect-src 'self' *.intercomcdn.com *.intercom.io wss://*.intercom.io maps.googleapis.com cognito-idp.us-east-1.amazonaws.com o1192572.ingest.sentry.io *.sparrowtest.com *.sparrowfi.com *.fullstory.com cdn.cookielaw.org nelnetinc.us-7.evergage.com https://*.google.com https://*.google-analytics.com https://*.analytics.google.com https://*.googletagmanager.com *.linkedin.com stats.g.doubleclick.net; img-src 'self' *.intercomcdn.com static.intercomassets.com d3iunsqowh8khd.cloudfront.net d35hce9fx6cz15.cloudfront.net cdnjs.cloudflare.com bat.bing.com www.nelnet.net www.facebook.com *.linkedin.com www.google.com https://*.google-analytics.com https://*.googletagmanager.com data:; frame-src 'self' td.doubleclick.net
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

api-iam.intercom.io
bat.bing.com
bat.bing.net
cdn.cookielaw.org
cdn.evgnet.com
cdnjs.cloudflare.com
connect.facebook.net
dx.mountain.com
edge.fullstory.com
fonts.googleapis.com
gs.mountain.com
js.intercomcdn.com
nelnetbank.slr.sparrowtest.com
px.ads.linkedin.com
px.mountain.com
px4.ads.linkedin.com
region1.analytics.google.com
rs.fullstory.com
snap.licdn.com
stats.g.doubleclick.net
widget.intercom.io
www.facebook.com
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.nelnet.net
www.nelnetbank.slr.sparrowtest.com
bat.bing.net
cdn.evgnet.com
rs.fullstory.com
www.google.de
www.googletagmanager.com
104.17.25.14
13.107.42.14
13.224.189.74
13.35.58.71
142.250.186.100
157.240.253.1
157.240.253.35
18.245.46.19
18.66.112.42
2001:4860:4802:32::36
216.239.32.36
216.69.100.142
2606:4700::6812:572a
2620:1ec:21::14
2620:1ec:33:2::10
2a00:1450:4001:800::200e
2a00:1450:4001:827::2008
2a00:1450:4001:831::200a
2a00:1450:400c:c0d::9a
2a02:26f0:3500:10::210:a9a
35.186.194.58
35.201.112.186
35.81.162.201
52.20.14.227
52.42.124.195
52.7.151.245
02939a2456598ea6b3e286ecaf8929223ce791cf866084c1b8e91e6eb99a05f2
0426e0e193805fea9bc375986cfc916bd60ef93c6ed703ede1254e10f624ae0a
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
0a7830da379aef49b3b3fbfc95e22edb88bc29a7dcaaee81f68a2d4ffdc42b48
1188e0213d8d7fb1a53647b398a1280cce9edde25e71d1d8689ad4673f5501f9
1594fe05c1682143228f88a5e3793446893b1d77c2ccb2834c15a63fed6f31fa
18b99350b2bacac3eee8ea7487c71767edaffb49d7eba620af986fd149b1bd74
1feca2279a6e78133bf577b99e4f3e82896622c255d29017cec5f5cfa93e4d16
25a23f99d58e3cdecf7c148aa921a390b283666aeccc09e1fb7932ccdb219d92
28c23897d6283e7afb374d8e78da757bc2d18c07e8e4cc269257ecc0bd006af6
2cebfaa1a65eaf1ce0029bf83a194c77bee98eaf7c6fa48ae2a18e2ea87e9bc2
2cf210fd84fd02e9dd57208fdec607d5dbea51d3b7eee241ef042d359e51b9c1
2dff1c54bca805e6b304409b7defe74185931dc20e8fb578797c9010e42408bd
3883e9c7bd01cd5c2f70a3a90f7efbdd848b72f099651ef2caff00257cceda63
3a4cc28baf83799e86168d5f90ea9a7544b593042e90e6b0ef2cb3ce15363d96
422089279a8d45dacd36064f612cfb1215a1e5186686a3da70ac577807a21ee4
422b962aff597c5aca5f9c3aa114fcea7f3fda6abcad9584510b36b3eecd0f09
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
4fc817364277ef9c6b2de3747b0f9a06c5e91696eb304cd3b025f0ac5fc1b858
527bf3dacc5eb62211130fe4bf315c682861320ab25b4aa2efe6ea87a760db8c
541453357107ac7a4df0a342c240a68e85d940b973e1e3cb034bfbabfe0fa8ad
561eacd7a78089616588e8c34af06cce4d7592f578f62d2db2ebb66596483051
5cbf1455bbcabfd9a9a069e1d46f48f491347737ab6990f926d5cba7ac25850a
5db4c2c391bd9a158745e2b17ede8cf5c1a45be1395337a91e50df9d2e7f235d
6e05ff1a7ed11597c87b4df200fb58a0dac512021bd03a3b52ee41f64ce69846
729b4931457b15d335860cf1a2d9d3613e40f3c1deb0367c781d32303cdb3e79
735773da1250507d5b88e337afe2e361dd0151772a10f3a4ee715c9a48fa0a3f
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8442aba60307d45590ffff0bc7a330e3b50c856debf1149a1b178600457d419c
84e13b47921ee79d3fab38b733e08dc04ca99b25c1880cb25475c9315ddc2146
8a27dc7b44ebe886390bfa0a9beeea36ea5a3f37479f0e0836b6c9b80d9b35ed
8cc69d7376704c587dc18797f07d562f89dbd22c39a5a6bb70661ed161b1950b
9c3a508b6f8a33e1f9f7e964c6f70e2c364bb836d69ad40912a873f4a30be96f
a1fec7acc9e28feaa2280cd08d30cab4cac8e9557fb8fb35ab6ffcd1e28fade8
a8d106c860b2731ec5a13b381a9ac890a2bff2822c36d2034f9d53cc2cf15321
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
aabc88a6db8b22022f96ca88e4f0a7be426abef2b35169a71515a2d55246402a
ad0e16e3e83936688a11f292ef26cd62ff0b2125053c37e9cc8ac41b24f44342
ade920fd5b00cd298aae7978673a9a64d0bb3fa593d23e91994ec6b6723ebace
b8c093e6f421e3e70117b9b6bc33ed5b4cdfbd6cf1a1c8fdedbf38e6c441b9bc
bc27ad01d2f8eb11cfdb80ff708214db38c85a0e039f772a282a8757b0230193
caec2cc5ff9c3e99b578e6e5370d89aa33918a98f5056ad55fb9281b20da35db
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3338269de86e285fc3a25a5043fc950ec056868d929237281dfe2d30e0dc3be
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e5bbda35e57164f61f8b55537e15923c87ee6dfecdfb7b1739c5e950ccd2ab85
e86c9ac3be37614df8f5981e23bc1952a5598265bc48839004eb3aa2575de844
ea16d67ed8233e371bfa427a71e4576c39e87ed45123738b53b94c31b5f95779
efa9095d7835cec77935c57cf99e63942bcda1a59e487ae23523647d8f8c270e
fb44400a61edda0b628ad2ff62cb5d299fab4e7a18d586ae7d70481c6c9550b2
fed8976f8267731abcd84353ce8d211fd7b654322572680e463e3a56712f0e50