urlscan.io logo urlscan.io
SecurityTrails logo

app.monarchmoney.com Open in urlscan Pro
2606:4700:10::ac43:5c4  Public Scan

Go To Rescan Add Verdict Report
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Submission: On April 10 via api from US — Scanned from DE
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 35 IPs in 6 countries across 27 domains to perform 114 HTTP transactions. The main IP is 2606:4700:10::ac43:5c4, located in United States and belongs to CLOUDFLARENET, US. The main domain is app.monarchmoney.com. The Cisco Umbrella rank of the primary domain is 367634.
TLS certificate: Issued by E1 on March 22nd 2024. Valid for: 3 months.
This is the only time app.monarchmoney.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
18 2606:4700:10:... 13335 (CLOUDFLAR...)
1 13.33.187.42 16509 (AMAZON-02)
2 2a04:4e42:400... 54113 (FASTLY)
1 34.117.162.98 396982 (GOOGLE-CL...)
6 2.18.64.26 20940 (AKAMAI-ASN1)
3 2620:1ec:46::45 8075 (MICROSOFT...)
1 146.75.120.157 54113 (FASTLY)
1 108.138.36.16 16509 (AMAZON-02)
4 34.111.186.1 396982 (GOOGLE-CL...)
1 104.244.42.133 13414 (TWITTER)
1 104.244.42.131 13414 (TWITTER)
1 151.101.129.140 54113 (FASTLY)
5 52.184.204.244 8075 (MICROSOFT...)
14 2606:4700:10:... 13335 (CLOUDFLAR...)
1 35.186.247.156 15169 (GOOGLE)
1 18.173.187.121 16509 (AMAZON-02)
3 104.18.70.113 13335 (CLOUDFLAR...)
1 2600:9000:20c... 16509 (AMAZON-02)
1 2a00:1450:400... 15169 (GOOGLE)
1 184.30.208.159 16625 (AKAMAI-AS)
2 2.17.147.82 20940 (AKAMAI-ASN1)
2 151.101.64.176 54113 (FASTLY)
1 104.18.72.113 13335 (CLOUDFLAR...)
1 2600:9000:26d... 16509 (AMAZON-02)
1 104.16.53.111 13335 (CLOUDFLAR...)
10 108.138.32.174 16509 (AMAZON-02)
2 3.228.185.195 14618 (AMAZON-AES)
1 2 68.219.88.97 8075 (MICROSOFT...)
1 3 2620:1ec:c11:... 8068 (MICROSOFT...)
2 2600:9000:237... 16509 (AMAZON-02)
2 2a00:1450:400... 15169 (GOOGLE)
2 2a03:2880:f08... 32934 (FACEBOOK)
2 5 142.250.185.66 15169 (GOOGLE)
2 2 216.58.206.68 15169 (GOOGLE)
2 142.250.186.35 15169 (GOOGLE)
114 35
18    2606:4700:10::ac43:5c4 (United States)

ASN13335 (CLOUDFLARENET, US)
app.monarchmoney.com
1    13.33.187.42 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-13-33-187-42.fra60.r.cloudfront.net
cdn.plaid.com
2    2a04:4e42:400::396 (United States)

ASN54113 (FASTLY, US)
www.redditstatic.com
1    34.117.162.98 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 98.162.117.34.bc.googleusercontent.com
pixel.byspotify.com
6    2.18.64.26 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-18-64-26.deploy.static.akamaitechnologies.com
analytics.tiktok.com
3    2620:1ec:46::45 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
www.clarity.ms
1    146.75.120.157 (Frankfurt am Main, Germany)

ASN54113 (FASTLY, US)
static.ads-twitter.com
1    108.138.36.16 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-36-16.muc50.r.cloudfront.net
cdn.userleap.com
4    34.111.186.1 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 1.186.111.34.bc.googleusercontent.com
evnt.byspotify.com
1    104.244.42.133 (United States)

ASN13414 (TWITTER, US)
t.co
1    104.244.42.131 (United States)

ASN13414 (TWITTER, US)
analytics.twitter.com
1    151.101.129.140 (United States)

ASN54113 (FASTLY, US)
alb.reddit.com
5    52.184.204.244 (Boydton, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
n.clarity.ms
14    2606:4700:10::6816:3d79 (United States)

ASN13335 (CLOUDFLARENET, US)
features.monarchmoney.com
1    35.186.247.156 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 156.247.186.35.bc.googleusercontent.com
sentry.io
1    18.173.187.121 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-173-187-121.muc50.r.cloudfront.net
js.stripe.com
3    104.18.70.113 (None, )

ASN13335 (CLOUDFLARENET, US)
static.zdassets.com
1    2600:9000:20c3:fe00:9:a6e8:8080:93a1 (United States)

ASN16509 (AMAZON-02, US)
events-cdn.monarchmoney.com
1    2a00:1450:400c:c09::54 (Brussels, Belgium)

ASN15169 (GOOGLE, US)
accounts.google.com
1    184.30.208.159 (Frankfurt am Main, Germany)

ASN16625 (AKAMAI-AS, US)
PTR: a184-30-208-159.deploy.static.akamaitechnologies.com
appleid.cdn-apple.com
2    2.17.147.82 (Prague, Czech Republic)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a2-17-147-82.deploy.static.akamaitechnologies.com
sdk-api-v1.singular.net
2    151.101.64.176 (United States)

ASN54113 (FASTLY, US)
js.stripe.com
1    104.18.72.113 (None, )

ASN13335 (CLOUDFLARENET, US)
ekr.zdassets.com
1    2600:9000:26db:fa00:6:5671:b9c0:93a1 (United States)

ASN16509 (AMAZON-02, US)
streaming.split.io
1    104.16.53.111 (None, )

ASN13335 (CLOUDFLARENET, US)
monarchmoney.zendesk.com
10    108.138.32.174 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-138-32-174.muc50.r.cloudfront.net
cdn.segment.com
2    3.228.185.195 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-3-228-185-195.compute-1.amazonaws.com
api.sprig.com
2    68.219.88.97 (Dublin, Ireland)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.clarity.ms
3    2620:1ec:c11::237 (United States)

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
c.bing.com
bat.bing.com
2    2600:9000:237d:5800:d:cf84:bb40:93a1 (United States)

ASN16509 (AMAZON-02, US)
events-api.monarchmoney.com
2    2a00:1450:4001:802::200e (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google-analytics.com
2    2a03:2880:f083:9:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)
connect.facebook.net
5    142.250.185.66 (United States)

ASN15169 (GOOGLE, US)
PTR: fra16s48-in-f2.1e100.net
www.googleadservices.com
googleads.g.doubleclick.net
2    216.58.206.68 (United States)

ASN15169 (GOOGLE, US)
PTR: lhr35s11-in-f4.1e100.net
www.google.com
2    142.250.186.35 (United States)

ASN15169 (GOOGLE, US)
PTR: fra24s04-in-f3.1e100.net
www.google.de
Apex Domain
Subdomains		 Transfer
35 monarchmoney.com
app.monarchmoney.com — Cisco Umbrella Rank: 367634
features.monarchmoney.com — Cisco Umbrella Rank: 99101
api.monarchmoney.com Failed
events-cdn.monarchmoney.com — Cisco Umbrella Rank: 454278
events-api.monarchmoney.com — Cisco Umbrella Rank: 317845
3 MB
10 segment.com
cdn.segment.com — Cisco Umbrella Rank: 3118
48 KB
10 clarity.ms
www.clarity.ms — Cisco Umbrella Rank: 1180
n.clarity.ms — Cisco Umbrella Rank: 8114
c.clarity.ms — Cisco Umbrella Rank: 1852
30 KB
6 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 849
156 KB
5 byspotify.com
pixel.byspotify.com — Cisco Umbrella Rank: 15437
evnt.byspotify.com — Cisco Umbrella Rank: 15383
7 KB
4 zdassets.com
static.zdassets.com — Cisco Umbrella Rank: 3673
ekr.zdassets.com — Cisco Umbrella Rank: 4433
289 KB
3 googleadservices.com
www.googleadservices.com — Cisco Umbrella Rank: 163
21 KB
3 bing.com
c.bing.com — Cisco Umbrella Rank: 373
bat.bing.com — Cisco Umbrella Rank: 623
16 KB
3 google.com
accounts.google.com — Cisco Umbrella Rank: 63
www.google.com — Cisco Umbrella Rank: 5
84 KB
3 stripe.com
js.stripe.com — Cisco Umbrella Rank: 2558
148 KB
2 google.de
www.google.de — Cisco Umbrella Rank: 4622
128 B
2 doubleclick.net
googleads.g.doubleclick.net — Cisco Umbrella Rank: 69
48 B
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 248
71 KB
2 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 99
68 KB
2 sprig.com
api.sprig.com — Cisco Umbrella Rank: 5763
1 KB
2 singular.net
sdk-api-v1.singular.net — Cisco Umbrella Rank: 3538
307 B
2 redditstatic.com
www.redditstatic.com — Cisco Umbrella Rank: 1657
10 KB
1 zendesk.com
monarchmoney.zendesk.com — Cisco Umbrella Rank: 443756
888 B
1 split.io
streaming.split.io — Cisco Umbrella Rank: 4978
1 cdn-apple.com
appleid.cdn-apple.com — Cisco Umbrella Rank: 5262
17 KB
1 sentry.io
sentry.io — Cisco Umbrella Rank: 187
324 B
1 reddit.com
alb.reddit.com — Cisco Umbrella Rank: 1880
637 B
1 twitter.com
analytics.twitter.com — Cisco Umbrella Rank: 1340
727 B
1 t.co
t.co — Cisco Umbrella Rank: 794
376 B
1 userleap.com
cdn.userleap.com — Cisco Umbrella Rank: 121461
46 KB
1 ads-twitter.com
static.ads-twitter.com — Cisco Umbrella Rank: 1259
15 KB
1 plaid.com
cdn.plaid.com — Cisco Umbrella Rank: 27300
41 KB
114 27
Domain Requested by
18 app.monarchmoney.com app.monarchmoney.com
14 features.monarchmoney.com app.monarchmoney.com
10 cdn.segment.com app.monarchmoney.com
events-cdn.monarchmoney.com
6 analytics.tiktok.com app.monarchmoney.com
analytics.tiktok.com
5 n.clarity.ms www.clarity.ms
app.monarchmoney.com
4 evnt.byspotify.com pixel.byspotify.com
app.monarchmoney.com
3 www.googleadservices.com cdn.segment.com
www.googleadservices.com
3 static.zdassets.com app.monarchmoney.com
static.zdassets.com
3 js.stripe.com app.monarchmoney.com
js.stripe.com
3 www.clarity.ms app.monarchmoney.com
www.clarity.ms
bat.bing.com
2 www.google.de
2 www.google.com 2 redirects
2 googleads.g.doubleclick.net 2 redirects
2 bat.bing.com cdn.segment.com
bat.bing.com
2 connect.facebook.net cdn.segment.com
connect.facebook.net
2 www.google-analytics.com cdn.segment.com
www.google-analytics.com
2 events-api.monarchmoney.com app.monarchmoney.com
2 c.clarity.ms 1 redirects
2 api.sprig.com app.monarchmoney.com
2 sdk-api-v1.singular.net app.monarchmoney.com
2 www.redditstatic.com app.monarchmoney.com
www.redditstatic.com
1 c.bing.com 1 redirects
1 monarchmoney.zendesk.com static.zdassets.com
1 streaming.split.io app.monarchmoney.com
1 ekr.zdassets.com app.monarchmoney.com
1 appleid.cdn-apple.com app.monarchmoney.com
1 accounts.google.com app.monarchmoney.com
1 events-cdn.monarchmoney.com app.monarchmoney.com
1 sentry.io app.monarchmoney.com
1 alb.reddit.com app.monarchmoney.com
1 analytics.twitter.com app.monarchmoney.com
1 t.co app.monarchmoney.com
1 cdn.userleap.com app.monarchmoney.com
1 static.ads-twitter.com app.monarchmoney.com
1 pixel.byspotify.com app.monarchmoney.com
1 cdn.plaid.com app.monarchmoney.com
0 api.monarchmoney.com Failed app.monarchmoney.com
114 37

This site contains no links.

Subject Issuer Validity Valid
monarchmoney.com
E1		 2024-03-22 -
2024-06-20		 3 months crt.sh
secure.plaid.com
DigiCert EV RSA CA G2		 2024-03-12 -
2025-03-11		 a year crt.sh
www.redditstatic.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-08 -
2024-07-06		 6 months crt.sh
pixel.byspotify.com
GTS CA 1D4		 2024-02-29 -
2024-05-29		 3 months crt.sh
*.tiktok.com
RapidSSL ECC CA 2018		 2023-07-14 -
2024-08-13		 a year crt.sh
www.clarity.ms
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-07 -
2024-12-07		 a year crt.sh
ads-twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-07-21 -
2024-07-19		 a year crt.sh
userleap.com
Amazon RSA 2048 M03		 2023-09-09 -
2024-10-07		 a year crt.sh
prfx.byspotify.com
GTS CA 1D4		 2024-03-05 -
2024-06-03		 3 months crt.sh
t.co
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-01-07 -
2025-01-06		 a year crt.sh
*.twitter.com
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-10-31 -
2024-10-29		 a year crt.sh
*.reddit.com
DigiCert TLS RSA SHA256 2020 CA1		 2024-01-15 -
2024-07-13		 6 months crt.sh
a.clarity.ms
Microsoft Azure TLS Issuing CA 01		 2024-01-14 -
2024-06-27		 5 months crt.sh
sentry.io
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2023-08-08 -
2024-09-07		 a year crt.sh
a.stripecdn.com
DigiCert SHA2 Extended Validation Server CA		 2024-03-27 -
2024-06-27		 3 months crt.sh
zdassets.com
E1		 2024-03-03 -
2024-06-01		 3 months crt.sh
accounts.google.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
appleid.cdn-apple.com
Apple Public EV Server RSA CA 2 - G1		 2024-01-09 -
2024-07-07		 6 months crt.sh
*.singular.net
DigiCert TLS RSA SHA256 2020 CA1		 2024-03-06 -
2025-03-06		 a year crt.sh
streaming.split.io
Amazon RSA 2048 M03		 2024-02-10 -
2025-03-09		 a year crt.sh
monarchmoney.zendesk.com
Cloudflare Inc ECC CA-3		 2023-05-27 -
2024-05-26		 a year crt.sh
*.segment.com
Amazon RSA 2048 M03		 2023-11-14 -
2024-12-13		 a year crt.sh
istio-gateway.sprig.com
Amazon RSA 2048 M01		 2023-05-23 -
2024-06-20		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-01-18 -
2024-04-17		 3 months crt.sh
www.bing.com
Microsoft Azure TLS Issuing CA 01		 2024-04-10 -
2024-06-27		 3 months crt.sh
*.googleadservices.com
GTS CA 1C3		 2024-03-04 -
2024-05-27		 3 months crt.sh

This page contains 4 frames:

Primary Page: https://app.monarchmoney.com/accounts/details/164068825058880941
Frame ID: 161793872EE2DF3BD5C6000BE30A7210
Requests: 93 HTTP requests in this frame

Frame: https://js.stripe.com/v3/controller-with-preconnect-ed4de20c5f731da4f8893189682f364e.html
Frame ID: A2A610E3DA00CE3F0AA9716EBC91A691
Requests: 1 HTTP requests in this frame

Frame: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-0a93784.js
Frame ID: 711F3844BBE6F338C7BFE67CBC75C211
Requests: 3 HTTP requests in this frame

Frame: https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Frame ID: FF4B5A599D0014709A4E86DCF3D8909C
Requests: 1 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Monarch | Sign In

Detected technologies

Overall confidence: 100%
Detected patterns
  • appleid\.auth\.js
Overall confidence: 100%
Detected patterns
  • accounts\.google\.com/gsi/client
Overall confidence: 100%
Detected patterns
  • js\.stripe\.com
Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js

Page Statistics

114
Requests

85 %
HTTPS

31 %
IPv6

27
Domains

37
Subdomains

35
IPs

6
Countries

3748 kB
Transfer

14324 kB
Size

29
Cookies

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 84
  • https://c.clarity.ms/c.gif HTTP 302
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8488958074DC4A04A6A7070B3F76895E&RedC=c.clarity.ms&MXFR=185B5F6A1A2E63A2230B4B371E2E6D35 HTTP 302
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8488958074DC4A04A6A7070B3F76895E&MUID=280E7B492CC16CC1295C6F142D6D6D47
Request Chain 107
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl_qvntq3hQMVSz4GAB2tBAB2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs HTTP 302
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl_qvntq3hQMVSz4GAB2tBAB2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtq0I2P0CUj919_v9g0mByloYBXl6KTXw&random=673248392&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl_qvntq3hQMVSz4GAB2tBAB2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtq0I2P0CUj919_v9g0mByloYBXl6KTXw&random=673248392&resp=GooglemKTybQhCsO&ipr=y
Request Chain 108
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8YKwntq3hQMVGiQGAB0KPwqZMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs HTTP 302
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8YKwntq3hQMVGiQGAB0KPwqZMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtqxoH_s9MQBE9pSzzFEZZJ1SVwaDzi1g&random=2746494089&resp=GooglemKTybQhCsO HTTP 302
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8YKwntq3hQMVGiQGAB0KPwqZMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtqxoH_s9MQBE9pSzzFEZZJ1SVwaDzi1g&random=2746494089&resp=GooglemKTybQhCsO&ipr=y

114 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request 164068825058880941
app.monarchmoney.com/accounts/details/ 		5 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c64da1db6462f07b0040c2ac421766b742d4cfe9e67cfab6dff3a66ec288f949
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

cache-control
public, max-age=0
cf-cache-status
DYNAMIC
cf-ray
8722ed29184e5d45-FRA
content-encoding
gzip
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
content-type
text/html; charset=UTF-8
date
Wed, 10 Apr 2024 13:01:35 GMT
expect-ct
max-age=0
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
referrer-policy
no-referrer
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754095&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=N71ZGGsgxMT1Yaju%2BZbvbYxXbQjpN1lirWM3b0UP4BM%3D"}]}
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754095&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=N71ZGGsgxMT1Yaju%2BZbvbYxXbQjpN1lirWM3b0UP4BM%3D
server
cloudflare
strict-transport-security
max-age=15552000; includeSubDomains
via
1.1 vegur
x-content-type-options
nosniff
x-dns-prefetch-control
off
x-download-options
noopen
x-frame-options
SAMEORIGIN
x-permitted-cross-domain-policies
none
x-xss-protection
0
analytics.js
app.monarchmoney.com/ 		2 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/analytics.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"608-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ac75d45-FRA
reddit.js
app.monarchmoney.com/ 		465 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/reddit.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"1d1-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ace5d45-FRA
spotify.js
app.monarchmoney.com/ 		560 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/spotify.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"230-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ad05d45-FRA
tiktok.js
app.monarchmoney.com/ 		1 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/tiktok.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"543-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ad35d45-FRA
clarity.js
app.monarchmoney.com/ 		341 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/clarity.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"155-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ad65d45-FRA
twitter.js
app.monarchmoney.com/ 		434 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/twitter.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
689f21e9ea01f0c246cabcec04eb8f4acc6cb119b099f692a9a0f31bb09eec31
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"1b2-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ad85d45-FRA
userleap.js
app.monarchmoney.com/ 		475 B
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/userleap.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"1db-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2b4ad95d45-FRA
link-initialize.js
cdn.plaid.com/link/v2/stable/ 		147 KB
41 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.plaid.com/link/v2/stable/link-initialize.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
13.33.187.42 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-13-33-187-42.fra60.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
f711615d80b0d3f4b6b1ff543646cb4c39b181c0180a30ac025eb79f237d6c67

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
X8J2Mw4_Zl9ELRRtE2Wzu25STADppdDc
content-encoding
br
via
1.1 4770dda4e92393e930d8a34dcbb04db2.cloudfront.net (CloudFront)
date
Wed, 10 Apr 2024 12:39:32 GMT
x-amz-request-id
YVZE5PZEAB7K62V0
x-amz-cf-pop
FRA60-P9
x-amz-server-side-encryption
AES256
age
1329
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
x-amz-id-2
b8H0wg46Z0UHseWwLUS6uH3uqcHrYDB1PDCzHBsm4zaHvMZ9whYKS6A67O4ksO/uX368b2nnubXb1j0zj1vUoLs7Fz0YcXczW9utLROqqGg=
last-modified
Tue, 09 Apr 2024 18:26:38 GMT
server
AmazonS3
etag
W/"6ba49efa2af925245d6016f0b6261695"
vary
Accept-Encoding
content-type
text/javascript
cache-control
no-cache,must-revalidate,max-age=0
x-amz-cf-id
lPUVyWs6YAfKqUnIfFt-D_AFtU-rk5BLoJouzEk00R1dl1aO2j7wCw==
494.65c6f4b5.js
app.monarchmoney.com/static/js/ 		6 MB
2 MB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b1d4780bcf4ccc8f490c421d8ad49e0475ee1ecd92ec4b0736855a59c378104a
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"606ce0-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2d9d195d45-FRA
main.a76ca012.js
app.monarchmoney.com/static/js/ 		4 MB
868 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/js/main.a76ca012.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
c317eeaedde3bc303ff5e46985db180f2a54cd3159049df72c8082fbf5a6a1f7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
MISS
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"402ecd-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754096&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=mainkDOs2T1yzShosME7Z0lpcL1i1nQsPiqDYpR1144%3D"}]}
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed2d9d245d45-FRA
pixel.js
www.redditstatic.com/ads/ 		28 KB
9 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/pixel.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/reddit.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
gzip
via
1.1 varnish, 1.1 varnish
last-modified
Thu, 15 Feb 2024 20:38:48 GMT
server
snooserv
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
etag
"9a680c8c475d8bba600d4d87b4fa7ee5"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/javascript
cache-control
public, max-age=60
accept-ranges
bytes
content-length
8702
ping.min.js
pixel.byspotify.com/ 		32 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://pixel.byspotify.com/ping.min.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/spotify.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.117.162.98 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
98.162.117.34.bc.googleusercontent.com
Software
UploadServer /
Resource Hash
20c0114a672ac0b5b31a1c0100543a2306bf389816ab20774b66e8f7b30fb60c

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 12:05:31 GMT
content-encoding
gzip
via
1.1 google
age
3365
x-guploader-uploadid
ABPtcPqDPfgXNOQUgYnpi8H38EC69_JWIMrRKLegB_YymfLLg1Wl1U7nAWe5rfsB3DCfqwDBGqBiv62hEg
x-goog-storage-class
STANDARD
x-goog-metageneration
2
x-goog-stored-content-encoding
gzip
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
6158
last-modified
Wed, 11 Oct 2023 19:00:35 GMT
server
UploadServer
etag
"13069f74108a788c598831c3a4ff2cdf"
vary
Accept-Encoding
x-goog-generation
1697050835633914
x-goog-hash
crc32c=We0+rw==, md5=EwafdBCKeIxZiDHDpP8s3w==
content-type
application/javascript;
cache-control
public, max-age=3600
x-goog-stored-content-length
6158
accept-ranges
bytes
expires
Wed, 10 Apr 2024 13:05:31 GMT
events.js
analytics.tiktok.com/i18n/pixel/ 		5 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/tiktok.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
8be0d5bddc62b9cd2893335fe8c97074b6448494eff86ea3431c02916ba2dcac

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
18c4536.54e6340
date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2404101301367E1B04ED3C2754AECDC4-1968EE16F9EE1B68-00
x-cache
TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
x-parent-response-time
94,2.20.179.90
server-timing
cdn-cache; desc=MISS, edge; dur=88, origin; dur=6, inner; dur=3
content-length
1837
pragma
no-cache
server
nginx
x-tt-logid
202404101301367E1B04ED3C2754AECDC4
x-cache-remote
TCP_MISS from a23-48-100-135.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
6,23.48.100.135
x-tt-trace-host
01bebdcd0d5642d80e2bac0bb2240c851f9442108681d5acd9a2d2e75a22967bcfc40174c4f37948d16b51290b483168557309cdc44b6b28aa0787aa1d608a6e17c7f9e837da06baa9ed22ff8720e4171f7c5b0c00c921d7eb81df2914f5b2fedb977236d13722ca25df9fbd93d70a91b9
expires
Wed, 10 Apr 2024 13:01:36 GMT
hjy3lwdr3i
www.clarity.ms/tag/ 		703 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/hjy3lwdr3i
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/clarity.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
22bcb5ce8f20c4125d1ed5bd09df18dd69c63583f84505a8193d5a18ff216b4d

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Wed, 10 Apr 2024 13:01:36 GMT
x-azure-ref
20240410T130136Z-164d799447dhj9zgdz9k324qsg000000073g00000000nax9
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
703
request-context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
uwt.js
static.ads-twitter.com/ 		56 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.ads-twitter.com/uwt.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/twitter.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.120.157 Frankfurt am Main, Germany, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
gzip
last-modified
Fri, 22 Mar 2024 21:07:24 GMT
x-amz-server-side-encryption
AES256
etag
"bbbcf811d8437a575d796a4c1e5d4fad+gzip+gzip"
vary
Accept-Encoding,Host
x-cache
HIT, HIT
content-type
application/javascript; charset=utf-8
p3p
CP="CAO DSP LAW CURa ADMa DEVa TAIa PSAa PSDa IVAa IVDa OUR BUS IND UNI COM NAV INT"
x-tw-cdn
FT
cache-control
no-cache
accept-ranges
bytes
content-length
15412
x-served-by
cache-iad-kiad7000168-IAD, cache-fra-etou8220111-FRA
shim.js
cdn.userleap.com/ 		137 KB
46 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.userleap.com/shim.js?id=jhOvgs1si6
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/userleap.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.36.16 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-36-16.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e12dbcca5967276713c5ac9d81bb6bbec9ca14ca3ee0b2211e1c362d5b6f8731

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 09 Apr 2024 23:19:33 GMT
x-amz-version-id
w6e1vBELNvjdnoZEakQy8FJ8r3CiPMeQ
content-encoding
br
last-modified
Tue, 26 Mar 2024 16:38:36 GMT
server
AmazonS3
via
1.1 cdf03e675736c21829fede7b370fd99a.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
etag
W/"0f0341df5b9469d61933e04b10a91df4"
x-amz-server-side-encryption
AES256
vary
Accept-Encoding
x-cache
Hit from cloudfront
content-type
application/javascript
age
49324
x-amz-cf-id
hqsm6mKbPS_TNi7fkQ6X1toSPGGntFIgQDmwWFUls207iVjH04PJvQ==
/
evnt.byspotify.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://app.monarchmoney.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 10 Apr 2024 13:01:36 GMT
via
1.1 google
/
evnt.byspotify.com/ 		2 B
97 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Requested by
Host: pixel.byspotify.com
URL: https://pixel.byspotify.com/ping.min.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
via
1.1 google
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
false
access-control-allow-headers
Content-Type, Accept
content-length
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
adsct
t.co/1/i/ 		43 B
376 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://t.co/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=155650b2-1313-4064-a78b-602f34932915&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fb7c1332-b58f-49c5-85d3-f46283826c40&tw_document_href=https%3A%2F%2Fapp.monarchmoney.com%2Faccounts%2Fdetails%2F164068825058880941&tw_iframe_status=0&txn_id=ocmu9&type=javascript&version=2.3.30
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.133 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
182
date
Wed, 10 Apr 2024 13:01:36 GMT
strict-transport-security
max-age=0
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
b86872e5cf7ff5c1
cache-control
no-cache, no-store, max-age=0
perf
7469935968
x-connection-hash
d2ed61984c8d2deffb60306362320f5a70a17facab6668c282c125501e2efee5
content-length
43
adsct
analytics.twitter.com/1/i/ 		43 B
727 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://analytics.twitter.com/1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=155650b2-1313-4064-a78b-602f34932915&integration=advertiser&p_id=Twitter&p_user_id=0&pl_id=fb7c1332-b58f-49c5-85d3-f46283826c40&tw_document_href=https%3A%2F%2Fapp.monarchmoney.com%2Faccounts%2Fdetails%2F164068825058880941&tw_iframe_status=0&txn_id=ocmu9&type=javascript&version=2.3.30
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.244.42.131 , United States, ASN13414 (TWITTER, US),
Reverse DNS
Software
tsa_o /
Resource Hash
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
Security Headers
Name Value
Strict-Transport-Security max-age=631138519

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-response-time
186
date
Wed, 10 Apr 2024 13:01:35 GMT
strict-transport-security
max-age=631138519
server
tsa_o
content-type
image/gif;charset=utf-8
x-transaction-id
be3ed89b99cf4548
cache-control
no-cache, no-store, max-age=0
perf
7469935968
x-connection-hash
93f467cf01ab4fea31a40432b96a3e8bf1e8a86e7be7094a2f4a6a9f82afdf8d
content-length
43
t2_5u6sm01h_telemetry
www.redditstatic.com/ads/conversions-config/v1/pixel/config/ 		86 B
700 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.redditstatic.com/ads/conversions-config/v1/pixel/config/t2_5u6sm01h_telemetry
Requested by
Host: www.redditstatic.com
URL: https://www.redditstatic.com/ads/pixel.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a04:4e42:400::396 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
snooserv /
Resource Hash
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
gzip
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.02, "failure_fraction": 0.02}
server
snooserv
vary
Accept-Encoding,Origin
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=300
accept-ranges
bytes
content-length
98
rp.gif
alb.reddit.com/ 		42 B
637 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://alb.reddit.com/rp.gif?ts=1712754096441&id=t2_5u6sm01h&event=PageVisit&m.itemCount=&m.value=&m.valueDecimal=&m.currency=&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=09cb3ecd-8816-481a-bff1-5c065e79e3b0&aaid=&em=&external_id=&idfa=&integration=reddit&opt_out=0&sh=800&sw=600&v=rdt_c9439d84&dpm=&dpcc=&dprc=
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.129.140 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Varnish /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
via
1.1 varnish
nel
{"report_to": "w3-reporting-nel", "max_age": 14400, "include_subdomains": false, "success_fraction": 0.3, "failure_fraction": 0.3}
server
Varnish
report-to
{"group": "w3-reporting-nel", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-nel.reddit.com/reports" }]}, {"group": "w3-reporting", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting.reddit.com/reports" }]}, {"group": "w3-reporting-csp", "max_age": 14400, "include_subdomains": true, "endpoints": [{ "url": "https://w3-reporting-csp.reddit.com/reports" }]}
content-type
image/gif
cross-origin-resource-policy
cross-origin
accept-ranges
bytes
content-length
42
retry-after
0
main.MTFhN2NkNDczMQ.js
analytics.tiktok.com/i18n/pixel/static/ 		431 KB
114 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTFhN2NkNDczMQ.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CAG18GJC77U2NHFFNB3G&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
ed6d3879e83eea603a014f1a6918ebfbec89aa7abc0abc1a51daee288a10715f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
54e6493
date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
2024040812453980E1AC5EA1E3BE544EEF
x-tt-trace-id
00-24040812453980E1AC5EA1E3BE544EEF-0EF44DA2E6B5DF6C-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
01df4ac890d7f21639c2419c256e6dcc41aad20c912f76f9ee756c1698b34ea0693ad46c84e59ec5856fa43d4d56a825ae4386568987044d06d1d95d3ba41384ad0847735ed926c1bb8d7e947db0bf4ffbc75207470defedb231cfbd148f930086
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
content-length
116113
clarity.js
www.clarity.ms/s/0.7.27/ 		60 KB
25 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/s/0.7.27/clarity.js
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/tag/hjy3lwdr3i
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
482d1dd6e19c705493e390d6a3427887cfd2c47ec7ee7c85282370687a5ed2ee

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
br
last-modified
Tue, 02 Apr 2024 23:38:07 GMT
etag
W/"0x8DC536DF2EAB768"
vary
Accept-Encoding
x-azure-ref
20240410T130136Z-164d799447dhj9zgdz9k324qsg000000073g00000000naxv
content-type
application/javascript;charset=utf-8
access-control-allow-origin
*
x-ms-request-id
f2934aaf-601e-0050-7740-89ec8b000000
cache-control
public, max-age=86400
x-cache
TCP_HIT
x-ms-version
2018-03-28
x-fd-int-roxy-purgeid
51562430
identify_38a7e.js
analytics.tiktok.com/i18n/pixel/static/ 		139 KB
37 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_38a7e.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTFhN2NkNDczMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
1c7a13438386b27ae3874ff95ac5cb2ed21b805261427e9da870e93c35e788de

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-akamai-request-id
54e65f8
date
Wed, 10 Apr 2024 13:01:36 GMT
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server
nginx
x-tt-logid
202404081245398FE99C35112EBD4A18E5
x-tt-trace-id
00-2404081245398FE99C35112EBD4A18E5-0078EAA0CDF6C27C-00
vary
Accept-Encoding
x-cache
TCP_MEM_HIT from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
content-type
application/javascript; charset=UTF-8
cache-control
public, max-age=31536000, immutable
x-tt-trace-host
0127421c26ade387dc3c83e1413621ff94eb54cb17e99dacff5677a4359bac3a1aba0a7928c88d7b680aa6c2b7418c90edfbcaaf91c8e90c4f7fe6b2a5515927f4b0c6166df142a98ebd8bbc9149fbd631e8dd197d39859ec8a19707ba2d0ed93d
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=3
content-length
37148
pixel
analytics.tiktok.com/api/v2/ 		0
700 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTFhN2NkNDczMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
54e668e
date
Wed, 10 Apr 2024 13:01:36 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2404101301365988B0BF20D21440AC1B-15EFE6AFC9D6032C-00
x-cache
TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
server-timing
inner; dur=33, cdn-cache; desc=MISS, edge; dur=3, origin; dur=126
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202404101301365988B0BF20D21440AC1B
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
126,2.20.179.90
x-tt-trace-host
01bebdcd0d5642d80e2bac0bb2240c851fc4557443469f347f9574b9d9a6f64d01a979a5786c22cdf2dbd8c30a04e5a5c30a4f27ba16b6e41a23818a0186faac25dc5e71d0c8bc6ca5b1547317f86d9837c3784333971b0f694c0581567bd5e914
access-control-allow-headers
Authorization,*
expires
Wed, 10 Apr 2024 13:01:36 GMT
collect
n.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.27/clarity.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Wed, 10 Apr 2024 13:01:37 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
act
analytics.tiktok.com/api/v2/pixel/ 		0
698 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTFhN2NkNDczMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
54e6861
date
Wed, 10 Apr 2024 13:01:37 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2404101301371904049A685D1B403416-5381853CD511850A-00
x-cache
TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
server-timing
inner; dur=20, cdn-cache; desc=MISS, edge; dur=5, origin; dur=109
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202404101301371904049A685D1B403416
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
109,2.20.179.90
x-tt-trace-host
01bebdcd0d5642d80e2bac0bb2240c851fc4557443469f347f9574b9d9a6f64d01abb00bfde3a894aa681666d1d12320288b316aef17fd61ee05fabb836646d8d202d3a34d3d6f01b45d18de08d594d1ae5f5613eb29a6642044a0059cfb3718a1
access-control-allow-headers
Authorization,*
expires
Wed, 10 Apr 2024 13:01:37 GMT
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8722ed406b561a6b-FRA
content-length
37
date
Wed, 10 Apr 2024 13:01:39 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 7e4697cba45e8d37ef260248ebeaccf0.cloudfront.net (CloudFront)
x-amz-cf-id
1oOshj42XmWKcUzkRldF-Kfunli0KiJ5A0yJcyvcp1L8wMNw2x4a0A==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-par-lfpg1960020-PAR
x-timer
S1712754099.319746,VS0,VE0
a6d27825-d098-4375-a7bc-cba61c9f0f14
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/a6d27825-d098-4375-a7bc-cba61c9f0f14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8722ed406b591a6b-FRA
content-length
37
date
Wed, 10 Apr 2024 13:01:39 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 834f63af56be39c339db32b1eb931e1a.cloudfront.net (CloudFront)
x-amz-cf-id
rmT0e6KnFgSHfJT5mBbGvScC7S2vviYj-MlmvT41bBSqP37e932Esw==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-par-lfpg1960093-PAR
x-timer
S1712754099.315554,VS0,VE0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
graphql
api.monarchmoney.com/ Frame 		0
0
splitChanges
features.monarchmoney.com/sdk/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=-1
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8722ed406b5a1a6b-FRA
content-length
37
date
Wed, 10 Apr 2024 13:01:39 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 54ebf0a06ec7306301fb9a98086cc9b0.cloudfront.net (CloudFront)
x-amz-cf-id
eMxqFzO_gKc5_kiZuEoxv19Yhj7d9d3JJOWPWJcl3wNZLeWSBHOm4g==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-par-lfpg1960091-PAR
x-timer
S1712754099.318151,VS0,VE0
/
sentry.io/api/4279731/envelope/ 		2 B
324 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://sentry.io/api/4279731/envelope/?sentry_key=c30257d77b584b85ae393c793212f685&sentry_version=7
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
35.186.247.156 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
156.247.186.35.bc.googleusercontent.com
Software
nginx /
Resource Hash
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
https://app.monarchmoney.com/
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 google
server
nginx
vary
origin,access-control-request-method,access-control-request-headers
content-type
application/json
access-control-allow-origin
*
access-control-expose-headers
x-sentry-error,x-sentry-rate-limits,retry-after
x-envoy-upstream-service-time
0
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
2
v3
js.stripe.com/ 		601 KB
148 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.173.187.121 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-173-187-121.muc50.r.cloudfront.net
Software
Cloudfront /
Resource Hash
bb9618da0bda5d15a6063465f31d317ba61f7b3f4284eb6e92715fb0f47abf2a
Security Headers
Name Value
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:04 GMT
content-encoding
br
via
1.1 0b2ae559ee268e62d32798bba4c8c014.cloudfront.net (CloudFront)
strict-transport-security
max-age=31556926; includeSubDomains; preload
x-content-type-options
nosniff
age
35
x-amz-cf-pop
MUC50-P4
x-cache
Hit from cloudfront
last-modified
Tue, 09 Apr 2024 21:16:55 GMT
server
Cloudfront
etag
W/"1b45010471df3a1640d85743285b4621"
vary
Accept-Encoding
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=60
timing-allow-origin
*
x-amz-cf-id
6EOdOIYkDARXDsoQb-Kt7uAPFBraUVhPAa7-7qmD_9Ue5hSDsfsSbA==
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
392 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 353b5beb914b16713dce3f992e61e3e2.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
285929
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kiad7000133-IAD, cache-dub4327-DUB
server
cloudflare
x-timer
S1712754099.422608,VS0,VE0
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kcgs7200069-IAD-b451b5fc-a141-47f0-b62d-764a16a0ac2c; cache-dub4329-DUB-b4ca63bb-6222-4625-8d8b-3862111c5dbd
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8722ed410c191a6b-FRA
x-amz-cf-id
N8khjMfl7ktsbNzOzFrjm838SqP3IcCJYMfyfEDhUZrjxD_wLx73sA==
x-cache-hits
146, 72
a6d27825-d098-4375-a7bc-cba61c9f0f14
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
403 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/a6d27825-d098-4375-a7bc-cba61c9f0f14
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 834f63af56be39c339db32b1eb931e1a.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
0
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kjyo7100074-IAD, cache-dub4321-DUB
server
cloudflare
x-timer
S1712754099.396638,VS0,VE100
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100074-IAD-a5c7e4c9-ae46-47ed-9b2f-241091d6dac5; cache-dub4321-DUB-b3514a3e-67cb-4b5b-8293-a3a435474fec
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8722ed410c111a6b-FRA
x-amz-cf-id
B0m_oT_7dNFDlEqFfiWbEbc_rTFvnmcvUZDitJy3N_RGTpg2U7pJRw==
x-cache-hits
0, 0
collect
n.clarity.ms/ 		0
0
collect
n.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Wed, 10 Apr 2024 13:01:39 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
truncated
/ 		1 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

Content-Type
image/png
Graphik-Medium.8206f65f..woff2
app.monarchmoney.com/static/media/ 		35 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/media/Graphik-Medium.8206f65f..woff2
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Origin
https://app.monarchmoney.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-length
35489
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"8aa1-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
font/woff2
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8722ed401edc5d45-FRA
Graphik-Regular.7019447d..woff2
app.monarchmoney.com/static/media/ 		36 KB
42 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/media/Graphik-Regular.7019447d..woff2
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Origin
https://app.monarchmoney.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-length
36525
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"8ead-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
font/woff2
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
accept-ranges
bytes
cf-ray
8722ed401edf5d45-FRA
MonarchIcons.50735870..ttf
app.monarchmoney.com/static/media/ 		25 KB
19 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/static/media/MonarchIcons.50735870..ttf
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
36b81b9b64f11e110bca24fb4f4b542f3d0433362cf83e1d341e229430483728
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Origin
https://app.monarchmoney.com
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"6400-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
font/ttf
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed401ee05d45-FRA
snippet.js
static.zdassets.com/ekr/ 		10 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.a76ca012.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
x-amz-version-id
sR7NItkX1i3nKckB5vEat7T2DUmPnRiJ
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
FP55XB5VFRXR2JJV
age
30
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
Bb/sLb3GNygsC2XL8RUYzNHCDmFtTSK9Wp9i9Q7fP2A7lgbVVDGHyXL9Rv1DCP3ZNWR4nJjWZUcfj/t+UuCPtg==
last-modified
Mon, 15 Jan 2024 02:56:11 GMT
server
cloudflare
etag
W/"c0053b411b753138af468db1bd3b19f3"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=VLQMmyTcbw0IMBpT0PPTLAkbJHDX5I1c0OsH6dds502wqw8XZ%2FGtbKJHLRuTtuoIhWZQ82xb7FWEY8Gu9wUkED%2Fs0%2BwHhSbxLfaWVO2E%2FrolIBNTwS467F1A0X6n5q8Nt%2BnxAvg%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=3600, s-maxage=60
access-control-max-age
0
cf-ray
8722ed424b3c3518-WAW
access-control-allow-headers
*
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
graphql
api.monarchmoney.com/ 		0
0
events-script
events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 		110 KB
30 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:20c3:fe00:9:a6e8:8080:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
7474a3d08f329402de1a61a5d7e20fbd1dfc6d246557e2aef042ebb6b102cb42

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
x-amz-version-id
ez8X4wnYo4uTARVgC7ddVKWqvjNnPlRL
content-encoding
br
via
1.1 92ab13182d4b89ed20b3b5c10adc4f22.cloudfront.net (CloudFront), 1.1 22a1b3c2f1a7b6d72ce563a230b92a90.cloudfront.net (CloudFront)
x-amz-cf-pop
FRA6-C1, MUC50-C1
x-amz-server-side-encryption
AES256
x-cache
Miss from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 03 Apr 2024 16:38:23 GMT
server
AmazonS3
etag
W/"24069a3e8e441c1038812c1f531f6232"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=120
vary
Accept-Encoding
x-amz-cf-id
ogCzv-dZqq6CGZZkv90a9hB3t-spKXuDw3AFu2hCyYMcSVOw7t-SQg==
client
accounts.google.com/gsi/ 		219 KB
84 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://accounts.google.com/gsi/client
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c09::54 Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
8d7f4084a9e840a0072094bedaf18a51a4bff728018d1cd810fe7060af78377a
Security Headers
Name Value
Content-Security-Policy script-src 'report-sample' 'nonce-00QnEpLJ8E2t3kHU6ZCNWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
script-src 'report-sample' 'nonce-00QnEpLJ8E2t3kHU6ZCNWA' 'unsafe-inline' 'strict-dynamic' https: http: 'unsafe-eval';object-src 'none';base-uri 'self';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http, require-trusted-types-for 'script';report-uri https://csp.withgoogle.com/csp/identity-sign-in-google-http
content-encoding
gzip
x-content-type-options
nosniff
server
ESF
x-frame-options
SAMEORIGIN
report-to
{"group":"coop_dd7de8473bddc59c6b748810a67a39b1","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/dd7de8473bddc59c6b748810a67a39b1"}]}
content-type
application/javascript; charset=utf-8
cache-control
private, max-age=1800
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection
0
cross-origin-opener-policy-report-only
same-origin; report-to="coop_dd7de8473bddc59c6b748810a67a39b1"
expires
Wed, 10 Apr 2024 13:01:39 GMT
appleid.auth.js
appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/ 		42 KB
17 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://appleid.cdn-apple.com/appleauth/static/jsapi/appleid/1/en_US/appleid.auth.js
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/main.a76ca012.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
184.30.208.159 Frankfurt am Main, Germany, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a184-30-208-159.deploy.static.akamaitechnologies.com
Software
Apple /
Resource Hash
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Strict-Transport-Security
max-age=31536000; includeSubDomains; preload
Content-Encoding
gzip
Date
Wed, 10 Apr 2024 13:01:39 GMT
Last-Modified
Tue, 09 Apr 2024 17:13:05 GMT
Server
Apple
ETag
W/"43171-1712682785600"
Vary
accept-encoding
Content-Type
application/javascript;charset=UTF-8
Access-Control-Allow-Origin
*
Cache-Control
public, max-age=86400,stale-while-revalidate=86400
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
17356
splitChanges
features.monarchmoney.com/sdk/api/ 		206 KB
12 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=-1
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4668a2555226e09b40487f4c0efa0e4aee02a4ee7307127d7013bed4dc29b949
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 54ebf0a06ec7306301fb9a98086cc9b0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
56282
x-cache
Miss from cloudfront
content-length
11751
x-served-by
cache-iad-kiad7000046-IAD, cache-dub4328-DUB
last-modified
Tue, 09 Apr 2024 21:23:31 GMT
server
cloudflare
x-timer
S1712754099.401188,VS0,VE1
etag
"1712697811484"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kiad7000046-IAD-979bc278-e48a-48d5-bb10-d91d925d6480; cache-dub4333-DUB-f3f514b6-311b-43da-98ce-e447858ff3e4
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8722ed410c211a6b-FRA
x-amz-cf-id
slS2AlVzbCGFCL8EA2JRk0v1Qt4CYgqcGnIzCHIb7QOiVGuRZuYWeA==
x-cache-hits
72, 0
butterfly-logo.svg
app.monarchmoney.com/ 		859 B
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/butterfly-logo.svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"35b-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed404f145d45-FRA
logo-color.svg
app.monarchmoney.com/ 		4 KB
7 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/logo-color.svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"111d-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed404f155d45-FRA
apple-logo.631edd89..svg
app.monarchmoney.com/static/media/ 		704 B
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/static/media/apple-logo.631edd89..svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"2c0-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed404f165d45-FRA
google-logo.e675ec58..svg
app.monarchmoney.com/static/media/ 		1 KB
6 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://app.monarchmoney.com/static/media/google-logo.e675ec58..svg
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:39:21 GMT
server
cloudflare
etag
W/"45d-18ec80518a8"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754099&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=7TtCTaiis%2Fwjo5qvdTqx2crDWAxSYlpbiRBb3Z3gXbk%3D"}]}
content-type
image/svg+xml
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed404f175d45-FRA
auth
features.monarchmoney.com/auth/api/ 		714 B
653 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=a6d27825-d098-4375-a7bc-cba61c9f0f14
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d205d2b212c76b941704997298d9cf7e47dd407328c325f7f28cd7615eb429b7
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15770000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
strict-transport-security
max-age=15770000; includeSubDomains
x-content-type-options
nosniff
content-security-policy
frame-ancestors 'self'
via
1.1 7e4697cba45e8d37ef260248ebeaccf0.cloudfront.net (CloudFront)
x-permitted-cross-domain-policies
master-only
cf-cache-status
DYNAMIC
x-amz-cf-pop
CDG50-C1
content-encoding
gzip
x-cache
Miss from cloudfront
server
cloudflare
x-frame-options
DENY
access-control-allow-methods
GET, OPTIONS
content-type
application/json; charset=utf-8
access-control-allow-origin
https://app.monarchmoney.com
access-control-allow-credentials
true
cf-ray
8722ed42de3e1a6b-FRA
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
x-amz-cf-id
D4Iw0RFg2aywaxlamP92TxgUdidBzM5X4ysUvGi_yeEAXVLggN2lRw==
event
sdk-api-v1.singular.net/api/v1/ 		51 B
307 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1712754099&event_id=ffd01320-29d6-42ea-a1cf-7e00351163a9&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=600&screen_width=800&sdk=WebSDK-v1.2.8&singular_instance_id=1db6d546-69b9-44e1-8e83-b2a1023f2da6&sdid=f68473c1-9646-4548-bdc5-88f16e99403f&storage_type=local&timezone=GMT%2B0200&touchpoint_timestamp=1712754099&u=f68473c1-9646-4548-bdc5-88f16e99403f&n=__PAGE_VISIT__&is_revenue_event=false&s=e47b2839-901e-46f3-bdb4-10471df471d5&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Windows&lag=0&h=1ad4cc9896d558f25aadfeb70899336daa3a5ffe
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.147.82 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-147-82.deploy.static.akamaitechnologies.com
Software
/
Resource Hash
453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:39 GMT
apsalar-extra
security hash failed
vary
Accept-Encoding
access-control-allow-methods
POST, GET, OPTIONS
content-type
application/json
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
access-control-allow-headers
Content-Type, Content-Length
content-length
51
expires
Wed, 10 Apr 2024 13:01:39 GMT
act
analytics.tiktok.com/api/v2/pixel/ 		0
842 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTFhN2NkNDczMQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.18.64.26 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-18-64-26.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

x-akamai-request-id
ec2dc35.54e8218
date
Wed, 10 Apr 2024 13:01:39 GMT
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2404101301392D5CBFC6A56BDB425D67-0571AF5DF51ABD46-00
x-cache
TCP_MISS from a2-20-179-90.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
x-parent-response-time
114,2.20.179.90
server-timing
cdn-cache; desc=MISS, edge; dur=93, origin; dur=27, inner; dur=19
content-length
0
pragma
no-cache
server
nginx
x-tt-logid
202404101301392D5CBFC6A56BDB425D67
x-cache-remote
TCP_MISS from a23-46-238-102.deploy.akamaitechnologies.com (AkamaiGHost/11.4.4.1-55329865) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
x-origin-response-time
27,23.46.238.102
x-tt-trace-host
01bebdcd0d5642d80e2bac0bb2240c851fa9d86fe2b036d79025ff1a0c8280a229498f0781e65775b42e3efb3a26bc30aaadee6c1dfffe78d72a65f0200bad56ca662dccc1ca4c3b8d74a45a65c10beaf34b0f20105a2f59c6ad814a540cde73329cdff03ebdf7d5d67c88b4da00499f86
access-control-allow-headers
Authorization,*
expires
Wed, 10 Apr 2024 13:01:39 GMT
controller-with-preconnect-ed4de20c5f731da4f8893189682f364e.html
js.stripe.com/v3/ Frame A2A6 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/controller-with-preconnect-ed4de20c5f731da4f8893189682f364e.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
36
cache-control
max-age=60, stale-while-revalidate=900
content-encoding
br
content-length
230
content-security-policy
base-uri 'none'; connect-src 'self' https://api.stripe.com https://merchant-ui-api.stripe.com https://stripe.com/cookie-settings/enforcement-mode https://errors.stripe.com https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src 'self'; img-src 'self' https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self' 'sha256-0hAheEzaMe6uXIKV4EehS9pu1am1lj/KnnzrOYqckXk='; worker-src 'none'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 10 Apr 2024 13:01:39 GMT
etag
"ed4de20c5f731da4f8893189682f364e"
last-modified
Tue, 09 Apr 2024 20:49:01 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
8
x-content-type-options
nosniff
x-request-id
38974d94-d828-4a59-82d3-c0758e985c42
x-served-by
cache-fra-etou8220149-FRA
auth
features.monarchmoney.com/auth/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/auth/api/auth?users=UNKNOWN&users=a6d27825-d098-4375-a7bc-cba61c9f0f14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Content-Security-Policy frame-ancestors 'self'
Strict-Transport-Security max-age=15770000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
true
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion
access-control-allow-methods
GET, OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
cf-cache-status
DYNAMIC
cf-ray
8722ed409b9f1a6b-FRA
content-length
4
content-security-policy
frame-ancestors 'self'
content-type
application/json; charset=utf-8
date
Wed, 10 Apr 2024 13:01:39 GMT
server
cloudflare
strict-transport-security
max-age=15770000; includeSubDomains
via
1.1 20b61f8a897671342027285e75830e4e.cloudfront.net (CloudFront)
x-amz-cf-id
W-I7V_xFnhgtDldV2_U8zLnsF8vP5SvyWSOruB-_u0j_MMVtPY3mZg==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-content-type-options
nosniff
x-frame-options
DENY
x-permitted-cross-domain-policies
master-only
collect
n.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Wed, 10 Apr 2024 13:01:40 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
event
sdk-api-v1.singular.net/api/v1/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://sdk-api-v1.singular.net/api/v1/event?current_device_time=1712754099&event_id=ffd01320-29d6-42ea-a1cf-7e00351163a9&conversion_event=true&k=SDID&a=monarch_money_85497080&p=Web&i=com.monarchmoney.web.app&screen_height=600&screen_width=800&sdk=WebSDK-v1.2.8&singular_instance_id=1db6d546-69b9-44e1-8e83-b2a1023f2da6&sdid=f68473c1-9646-4548-bdc5-88f16e99403f&storage_type=local&timezone=GMT%2B0200&touchpoint_timestamp=1712754099&u=f68473c1-9646-4548-bdc5-88f16e99403f&n=__PAGE_VISIT__&is_revenue_event=false&s=e47b2839-901e-46f3-bdb4-10471df471d5&is_first_visit=true&is_page_refreshed=false&sdid_persist_mode=auto&os=Windows&lag=0&h=1ad4cc9896d558f25aadfeb70899336daa3a5ffe
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2.17.147.82 Prague, Czech Republic, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a2-17-147-82.deploy.static.akamaitechnologies.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Content-Type, Content-Length
access-control-allow-methods
POST, GET, OPTIONS
access-control-allow-origin
*
cache-control
max-age=0, no-cache, no-store
content-length
0
date
Wed, 10 Apr 2024 13:01:39 GMT
expires
Wed, 10 Apr 2024 13:01:39 GMT
pragma
no-cache
vary
Accept-Encoding
d8d33592-cf5c-4ae3-ae8f-553657823fbf
ekr.zdassets.com/compose/ 		493 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://ekr.zdassets.com/compose/d8d33592-cf5c-4ae3-ae8f-553657823fbf
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.72.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
80e2b7451c1fc1dea6d7c12cf689ca85b5f46155dd0823fe5d27214c54d09562
Security Headers
Name Value
Strict-Transport-Security max-age=0
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:39 GMT
strict-transport-security
max-age=0
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
x-permitted-cross-domain-policies
none
content-encoding
br
cdn-cache-control
max-age=60
x-xss-protection
1; mode=block
x-request-id
871936d37f5d258e-SEA, 871936d37f5d258e-SEA
x-runtime
0.011966
referrer-policy
strict-origin-when-cross-origin
server
cloudflare
etag
W/"80e2b7451c1fc1dea6d7c12cf689ca85"
x-download-options
noopen
x-frame-options
SAMEORIGIN
access-control-max-age
7200
access-control-allow-methods
GET, POST, OPTIONS
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=w3R2RGGgZ1RYT%2Fjc4eo7T9T3csWuNN6k8ZeSh48bXNc3ZVS3%2FDPfOGMMGHyOMbCsaUI7Y3%2FUC8C4j%2FRzMsdfrLy9EkBoftk4%2BY%2BztsUPFH%2B%2Brue9Q8kDApm9Jf05OCLiKPY%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
vary
Accept, Origin, Accept-Encoding
cache-control
max-age=300, public, stale-while-revalidate=300, stale-if-error=21600
content-type
application/json; charset=utf-8
x-zendesk-zorg
yes
cf-ray
8722ed435d59bf65-WAW
web-widget-main-0a93784.js
static.zdassets.com/web_widget/classic/latest/ Frame 711F 		969 KB
277 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-main-0a93784.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/ekr/snippet.js?key=d8d33592-cf5c-4ae3-ae8f-553657823fbf
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0299fe3b788b70b13c94cda8b38542f2ab16bec27ed26b34295412f615c80e48
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:40 GMT
x-amz-version-id
3oJXdytUit8PgRNqRqrZ9axhMjDX3lS4
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
FK0N3DZ4SERMX260
age
100
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
aWsMQUbhGQM+t1MuJTN+MgUqEiGBxau+i2MwW8xoFbbZ6qntkil3pFFXAdsM4bzWV8EKD+hVNJl+IipNnIou5Q==
last-modified
Wed, 03 Apr 2024 10:26:50 GMT
server
cloudflare
etag
W/"7d57cf2646a5abfa9b3c6fbf907250a9"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=ugmQiGYhU5MhfJeCXvc1MvsVXu7LqEcn8k32cu08%2Fq8tSGmesEH5L298meMRxZm53tw08mK6YvdBzj7keVs5nPxqTzX0lIg94%2FqOhFAfu0HPQJUussuxkxFwOt%2BZQu5xNb3NLxs%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
8722ed44ff393518-WAW
access-control-allow-headers
*
expires
Thu, 03 Apr 2025 10:26:49 GMT
sse
streaming.split.io/ 		1 KB
0 		EventSource
General
Check archive.org
Download Go to
Full URL
https://streaming.split.io/sse?channels=Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTA3MTQzMjAwMQ%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_MTY3MTQ0NDk2OA%3D%3D_mySegments,Mjc0MTc1MjU4_MTg2NDExMDgxOA%3D%3D_splits,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_pri,%5B%3Foccupancy%3Dmetrics.publishers%5Dcontrol_sec&accessToken=eyJhbGciOiJIUzI1NiIsImtpZCI6IkRQVkE3QS44czhnaVEiLCJ0eXAiOiJKV1QifQ.eyJ4LWFibHktY2FwYWJpbGl0eSI6IntcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UQTNNVFF6TWpBd01RPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X01UWTNNVFEwTkRrMk9BPT1fbXlTZWdtZW50c1wiOltcInN1YnNjcmliZVwiXSxcIk1qYzBNVGMxTWpVNF9NVGcyTkRFeE1EZ3hPQT09X3NwbGl0c1wiOltcInN1YnNjcmliZVwiXSxcImNvbnRyb2xfcHJpXCI6W1wic3Vic2NyaWJlXCIsXCJjaGFubmVsLW1ldGFkYXRhOnB1Ymxpc2hlcnNcIl0sXCJjb250cm9sX3NlY1wiOltcInN1YnNjcmliZVwiLFwiY2hhbm5lbC1tZXRhZGF0YTpwdWJsaXNoZXJzXCJdfSIsIngtYWJseS1jbGllbnRJZCI6ImNsaWVudElkIiwiZXhwIjoxNzEyNzU3Njk5LCJpYXQiOjE3MTI3NTQwOTl9.mdCj48STBHe0A7FljtKwezJ_1JdytCYHFXbMdKzO2oo&v=1.1&heartbeats=true
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:26db:fa00:6:5671:b9c0:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' 'sha256-/yNlf29RqDcjt2w39S21aaPKzBXq8LKu9qSh8jhbYx0='; frame-ancestors 'self'; frame-src status.ably.com
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Accept
text/event-stream
Cache-Control
no-cache
Referer
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self'; script-src 'self' 'sha256-/yNlf29RqDcjt2w39S21aaPKzBXq8LKu9qSh8jhbYx0='; frame-ancestors 'self'; frame-src status.ably.com
date
Wed, 10 Apr 2024 13:01:40 GMT
x-content-type-options
nosniff
via
1.1 2dd902cd86ee8f22d66046533880d3e8.cloudfront.net (CloudFront)
x-ably-cluster
production:split
x-amz-cf-pop
MUC50-P3
x-cache
Miss from cloudfront
referrer-policy
no-referrer
vary
Origin
x-ably-serverid
frontend.06d8.3.eu-central-1-A.i-0bbe624b852c792c8.e91LXYpUgBae8y
content-type
text/event-stream
access-control-allow-origin
https://app.monarchmoney.com
access-control-expose-headers
Link,Transfer-Encoding,Content-Length,X-Ably-ErrorCode,X-Ably-ErrorMessage,X-Ably-ServerId,X-Ably-Cluster,Server,X-Amz-Cf-Pop
access-control-allow-credentials
true
x-robots-tag
noindex
x-amz-cf-id
Gas8D56B5Yyj1hQlhd6ovY4Oq2a50BwxLnoL3OUovYEJOdB_djOEOg==
en-us-json-0a93784.js
static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/ Frame 711F 		25 KB
6 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.zdassets.com/web_widget/classic/latest/web-widget-locales/classic/en-us-json-0a93784.js
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-0a93784.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
104.18.70.113 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
Security Headers
Name Value
Strict-Transport-Security max-age=0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:40 GMT
x-amz-version-id
qxY6R5IY51tjnVPX4zNFeYVwMSskvqXk
content-encoding
br
cf-cache-status
HIT
nel
{"success_fraction":0,"report_to":"cf-nel","max_age":604800}
strict-transport-security
max-age=0
x-amz-request-id
FK0XYG8M7ZPR8Z0E
age
101863
x-amz-server-side-encryption
AES256
x-amz-replication-status
COMPLETED
x-amz-id-2
YiQXs9uOeEOWI96q7KDzBBQAo9N/EfMD6IzIeKjhxkuu6ZGFKVQKfc/Ok6yB4gubTH58k6vPR9ZzoR7m9visMw==
last-modified
Wed, 03 Apr 2024 10:26:52 GMT
server
cloudflare
etag
W/"6eb45e96a7cbb4b8ca10897f3cf09981"
vary
Accept-Encoding
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=8nXAU%2FGtITvOzBNL7HbZAP4WC%2B95FFOjc6BUsF4gmKzaQJDlys7kG9duXIzseiwplMjHGD9CDqlttpD2R%2BUs4IFEdiudEuPaovDp6RbFLrzCsor3Jht1Nzseo%2FOP%2F1RG2Wf2luE%3D"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
access-control-allow-methods
GET, HEAD
cache-control
public, max-age=31536000
access-control-max-age
0
cf-ray
8722ed46795f3518-WAW
access-control-allow-headers
*
expires
Thu, 03 Apr 2025 10:26:51 GMT
config
monarchmoney.zendesk.com/embeddable/ Frame 711F 		155 B
888 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://monarchmoney.zendesk.com/embeddable/config
Requested by
Host: static.zdassets.com
URL: https://static.zdassets.com/web_widget/classic/latest/web-widget-main-0a93784.js
Protocol
H2
Security
TLS 1.2, ECDHE_ECDSA, AES_128_GCM
Server
104.16.53.111 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:40 GMT
content-encoding
br
cf-cache-status
EXPIRED
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
x-zendesk-origin-server
embeddable-app-server-74db44fd56-474mr
x-cached
MISS
x-runtime
0.002587
last-modified
Wed, 10 Apr 2024 12:35:50 GMT
server
cloudflare
access-control-max-age
7200
access-control-allow-methods
GET
content-type
application/json; charset=utf-8
access-control-allow-origin
*
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=l%2F2Pogk0KuOuDKl71h8dOjAwawLSom67OEU5STa6gl6ZtiUCSGsC2hA3f9mLpQ599qUBYIDpDLMvsT2nGjrMFPrBfqWtxxKPF1yuMLfsUhMW5Fx1uOqQs%2FxYFZVjQV0ZWxIcfasYqRKmDg%3D%3D"}],"group":"cf-nel","max_age":604800}
access-control-expose-headers
cache-control
public, max-age=60, stale-while-revalidate=600, stale-if-error=3600
vary
Origin, Accept-Encoding
cf-ray
8722ed472c4434cd-WAW
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8722ed469a281a6b-FRA
content-length
37
date
Wed, 10 Apr 2024 13:01:40 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 54ebf0a06ec7306301fb9a98086cc9b0.cloudfront.net (CloudFront)
x-amz-cf-id
FnwVRqqYby3s7CTG5IH2pOpZDv8FlmvR-gmVW6dk6m9YXbtJeYPVag==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-par-lfpg1960021-PAR
x-timer
S1712754100.273917,VS0,VE0
a6d27825-d098-4375-a7bc-cba61c9f0f14
features.monarchmoney.com/sdk/api/mySegments/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/a6d27825-d098-4375-a7bc-cba61c9f0f14
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8722ed469a2a1a6b-FRA
content-length
37
date
Wed, 10 Apr 2024 13:01:40 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 834f63af56be39c339db32b1eb931e1a.cloudfront.net (CloudFront)
x-amz-cf-id
CbMKpNvpzVqCu_qFAIsQOn0_Cf17dAJJg_ak0M9dtLO_VkVofslUtg==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-par-lfpg1960086-PAR
x-timer
S1712754100.276142,VS0,VE0
splitChanges
features.monarchmoney.com/sdk/api/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=1712697811484
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

Accept
*/*
Access-Control-Request-Headers
authorization,content-type,splitsdkversion
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

accept-ranges
bytes
access-control-allow-headers
X-Requested-With, Origin, Content-Type, Accept, Authorization, Content-Length, X-User-Token, X-Request-ID, SplitSDKMachineName, SplitSDKMachineIP, SplitSDKVersion, Cache-Control
access-control-allow-methods
GET,PUT,POST,PATCH,DELETE,OPTIONS
access-control-allow-origin
https://app.monarchmoney.com
access-control-max-age
7200
allow
HEAD,GET,OPTIONS,POST,PUT,DELETE
cf-cache-status
DYNAMIC
cf-ray
8722ed469a301a6b-FRA
content-length
37
date
Wed, 10 Apr 2024 13:01:40 GMT
retry-after
0
server
cloudflare
strict-transport-security
max-age=15770000; includeSubdomains
vary
Cookie
via
1.1 varnish, 1.1 20b61f8a897671342027285e75830e4e.cloudfront.net (CloudFront)
x-amz-cf-id
J9sREXW5FZ9DtXPw8ILEl1ozZkwmqApGeV6xz_e9VIbHb3zSvrcpQg==
x-amz-cf-pop
CDG50-C1
x-cache
Miss from cloudfront
x-cache-hits
0
x-served-by
cache-par-lfpg1960066-PAR
x-timer
S1712754100.280897,VS0,VE0
UNKNOWN
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
504 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/UNKNOWN
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:40 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 54ebf0a06ec7306301fb9a98086cc9b0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
285930
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kiad7000133-IAD, cache-dub4321-DUB
server
cloudflare
x-timer
S1712754100.351326,VS0,VE0
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kcgs7200069-IAD-b451b5fc-a141-47f0-b62d-764a16a0ac2c; cache-dub4329-DUB-b4ca63bb-6222-4625-8d8b-3862111c5dbd
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8722ed470a9e1a6b-FRA
x-amz-cf-id
sqq8Yh0g-9ROe4jj5dYonMHHOJLyNfrUw1SMpWQIzazbiATZGNGdgA==
x-cache-hits
146, 125
a6d27825-d098-4375-a7bc-cba61c9f0f14
features.monarchmoney.com/sdk/api/mySegments/ 		17 B
423 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/mySegments/a6d27825-d098-4375-a7bc-cba61c9f0f14
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:40 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 7e4697cba45e8d37ef260248ebeaccf0.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
1
x-cache
Miss from cloudfront
content-length
41
x-served-by
cache-iad-kjyo7100074-IAD, cache-dub4347-DUB
server
cloudflare
x-timer
S1712754100.357577,VS0,VE1
etag
"1000002"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100074-IAD-a5c7e4c9-ae46-47ed-9b2f-241091d6dac5; cache-dub4321-DUB-b3514a3e-67cb-4b5b-8293-a3a435474fec
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8722ed470a9f1a6b-FRA
x-amz-cf-id
JT6D-chyvNsFLx53BP6mJCc1meU20CBvy0JKvWTvmayH1MlBo94d1g==
x-cache-hits
0, 1
splitChanges
features.monarchmoney.com/sdk/api/ 		56 B
509 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://features.monarchmoney.com/sdk/api/splitChanges?since=1712697811484
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::6816:3d79 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
00559b39552432368b3a8ee4c4660e4ca135f2d94839028b67a7bd443b0d7624
Security Headers
Name Value
Strict-Transport-Security max-age=15770000; includeSubdomains

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
SplitSDKVersion
react-1.2.6
Authorization
Bearer f84jple84efb5d8f63po7c1m5553aburgha4
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:40 GMT
strict-transport-security
max-age=15770000; includeSubdomains
content-encoding
gzip
cf-cache-status
DYNAMIC
via
1.1 varnish, 1.1 varnish, 1.1 834f63af56be39c339db32b1eb931e1a.cloudfront.net (CloudFront)
x-amz-cf-pop
CDG50-C1
age
56287
x-cache
Miss from cloudfront
content-length
64
x-served-by
cache-iad-kjyo7100051-IAD, cache-dub4338-DUB
last-modified
Tue, 09 Apr 2024 21:23:31 GMT
server
cloudflare
x-timer
S1712754100.361106,VS0,VE0
etag
"1712697811484"
vary
Accept-Encoding,Authorization
content-type
application/json; charset=utf-8
trace
cache-iad-kjyo7100032-IAD-b5376c9e-0f4b-4263-b1da-aecbabec48d9; cache-dub4363-DUB-05b66080-9978-4b68-8be8-ed575edcea1b
access-control-allow-origin
*
access-control-expose-headers
Access-Control-Allow-Origin,X-Request-Id
cache-control
no-transform, max-age=60, s-maxage=60
accept-ranges
bytes
cf-ray
8722ed471ab11a6b-FRA
x-amz-cf-id
Sh8oMgBOXH1lxkBLBn8tfS1EGqGLny_r88sV5d28Hhe0XdqV_kdeOA==
x-cache-hits
104, 27
collect
n.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Wed, 10 Apr 2024 13:01:40 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
settings
cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/ 		10 KB
3 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/v1/projects/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/settings
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fdc333bb979e5bc4903094252254cd7d44252e03561fea65225246f880eb7621

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

x-amz-version-id
QNtlm01ieoJjTn62N2fbdJCB_tHccPMF
content-encoding
br
via
1.1 da7d0e99d4b5322bc1c874b2af707374.cloudfront.net (CloudFront)
date
Wed, 10 Apr 2024 13:01:40 GMT
x-amz-cf-pop
MUC50-P2
age
8460
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Mon, 26 Feb 2024 23:40:20 GMT
server
AmazonS3
etag
W/"38f1c3b27b85a6565b704d8940c36091"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/json; charset=utf-8
access-control-allow-origin
*
cache-control
public, max-age=10800
vary
Accept-Encoding
x-amz-cf-id
8hF3n12INkr7AVrBoX0MepEdkjbF8g1nfJZg0yTd6-Q77la1J_8FXQ==
config
api.sprig.com/sdk/1/environments/jhOvgs1si6/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.228.185.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-228-185-195.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
Access-Control-Request-Method
GET
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
content-type,userleap-platform,x-ul-environment-id,x-ul-installation-method,x-ul-sdk-version,x-ul-visitor-id
access-control-allow-methods
GET,HEAD,PUT,PATCH,POST,DELETE
access-control-allow-origin
*
date
Wed, 10 Apr 2024 13:01:41 GMT
server
istio-envoy
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
vary
Access-Control-Request-Headers
x-envoy-upstream-service-time
13
config
api.sprig.com/sdk/1/environments/jhOvgs1si6/ 		958 B
1 KB 		Fetch
General
Check archive.org
Download Go to
Full URL
https://api.sprig.com/sdk/1/environments/jhOvgs1si6/config
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
3.228.185.195 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-3-228-185-195.compute-1.amazonaws.com
Software
istio-envoy /
Resource Hash
dc0c9e0cc02147dff32685f81f70ef7427b9f657d2d23f0d927bbd0534341fc3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
x-ul-visitor-id
e89bd992-d9cc-465c-92ea-3ea15089ea29
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
x-ul-installation-method
web-snippet
Referer
x-ul-sdk-version
2.26.6
x-ul-environment-id
jhOvgs1si6
userleap-platform
web
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
server
istio-envoy
etag
W/"3be-jXDgFusk4cUn61YPXIEEcpt4NOw"
vary
Accept-Encoding
content-type
application/json; charset=utf-8
access-control-allow-origin
*
x-envoy-upstream-service-time
18
timing-allow-origin
https://0.0.com, https://0.1.com, https://1.0.com, https://1.1.com
content-length
958
c.gif
c.clarity.ms/
Redirect Chain
  • https://c.clarity.ms/c.gif
  • https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=8488958074DC4A04A6A7070B3F76895E&RedC=c.clarity.ms&MXFR=185B5F6A1A2E63A2230B4B371E2E6D35
  • https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8488958074DC4A04A6A7070B3F76895E&MUID=280E7B492CC16CC1295C6F142D6D6D47
42 B
442 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8488958074DC4A04A6A7070B3F76895E&MUID=280E7B492CC16CC1295C6F142D6D6D47
Protocol
H2
Server
68.219.88.97 Dublin, Ireland, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-IIS/10.0 / ASP.NET
Resource Hash
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:40 GMT
last-modified
Fri, 01 Mar 2024 22:54:48 GMT
server
Microsoft-IIS/10.0
etag
"3e26b762b6cda1:0"
x-powered-by
ASP.NET
content-type
image/gif
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control
private, no-cache, proxy-revalidate, no-store
accept-ranges
bytes
content-length
42

Redirect headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:40 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 82728FB56B8B41AB8CBE9853F203AFF7 Ref B: FRA31EDGE0108 Ref C: 2024-04-10T13:01:40Z
x-powered-by
ASP.NET
x-cache
CONFIG_NOCACHE
p3p
CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=8488958074DC4A04A6A7070B3F76895E&MUID=280E7B492CC16CC1295C6F142D6D6D47
cache-control
private, no-cache, proxy-revalidate, no-store
content-length
0
m-outer-3437aaddcdf6922d623e172c2d6f9278.html
js.stripe.com/v3/ Frame FF4B 		0
0 		Document
General
Check archive.org
Download Go to
Full URL
https://js.stripe.com/v3/m-outer-3437aaddcdf6922d623e172c2d6f9278.html
Requested by
Host: js.stripe.com
URL: https://js.stripe.com/v3
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.64.176 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
Fastly /
Resource Hash
Security Headers
Name Value
Content-Security-Policy base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
Strict-Transport-Security max-age=31556926; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
accept-language
de-DE,de;q=0.9
sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-mobile
?0
sec-ch-ua-platform
"Win32"

Response headers

accept-ranges
bytes
access-control-allow-origin
*
age
286336
cache-control
max-age=31536000
content-encoding
br
content-length
154
content-security-policy
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-security-policy-report-only
base-uri 'none'; connect-src 'self' https://r.stripe.com; default-src 'self'; font-src 'none'; form-action 'none'; frame-src https://m.stripe.network; img-src https://q.stripe.com; media-src 'none'; object-src 'none'; script-src 'self'; style-src 'self'; report-uri https://q.stripe.com/csp-report
content-type
text/html; charset=utf-8
date
Wed, 10 Apr 2024 13:01:40 GMT
etag
"3437aaddcdf6922d623e172c2d6f9278"
last-modified
Fri, 11 Nov 2022 20:25:37 GMT
server
Fastly
strict-transport-security
max-age=31556926; includeSubDomains; preload
timing-allow-origin
*
vary
Accept-Encoding
via
1.1 varnish
x-cache
HIT
x-cache-hits
77665
x-content-type-options
nosniff
x-request-id
3f8d88ef-3cba-45e2-960b-0ec111563e8e
x-served-by
cache-fra-etou8220149-FRA
870.bundle.6e2976b75e60ab2b2bf8.js
cdn.segment.com/analytics-next/bundles/ 		17 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/870.bundle.6e2976b75e60ab2b2bf8.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
da691c9121865cc84cb038acd5c8cc3b8adcd480c4f1edeaa8bbf8acd532ee0f

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Thu, 29 Feb 2024 19:00:16 GMT
x-amz-version-id
_Zng1zDFfyVmhgbB_J7PJcP1kXirqoRX
content-encoding
br
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
3520885
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Wed, 28 Feb 2024 18:17:02 GMT
server
AmazonS3
etag
W/"69ff6d99504e355f116e0d507f3dcf2b"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
_wI4tXAsInMcSdPyiqZjC96sEHAg0Wxh6GagEhs1su61b4s39Hajwg==
tsub-middleware.bundle.77315eced46c5ae4c052.js
cdn.segment.com/analytics-next/bundles/ 		568 B
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/tsub-middleware.bundle.77315eced46c5ae4c052.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
0857d11fef8be7a02171417365501f07d12e4d0fd4969a8ce43b9adffb7b1158

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 23 Mar 2024 21:32:44 GMT
x-amz-version-id
.z146ppeXek7lT7ovgrtDFGZSC8zmoYb
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1524537
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
content-length
568
last-modified
Sat, 23 Mar 2024 18:35:08 GMT
server
AmazonS3
etag
"2e2a6826c25f4a2f22f0112c0e467584"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
NpzfTcjyG3VmC1AMh7_GagJ7jir4RUXiU-znPgfClLzlb8WDD71Pdg==
ajs-destination.bundle.196edae455b4fdcecd90.js
cdn.segment.com/analytics-next/bundles/ 		9 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/ajs-destination.bundle.196edae455b4fdcecd90.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
86a590d25968e7fd492f88cda922d92181bfd543d56906bfe7785a464f1ed579

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 29 Mar 2024 01:24:27 GMT
x-amz-version-id
HuNgSZ75f5vpNBhJmnNITrmcxktXMCrD
content-encoding
br
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1078634
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Thu, 28 Mar 2024 17:33:04 GMT
server
AmazonS3
etag
W/"a1f137007ed37048753fe2812b495a22"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
B2fA5frcdJ4x-ECF0YBupauW3uurgsCKwNRWRUjreIqiS7sNNoi6Cw==
schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
cdn.segment.com/analytics-next/bundles/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/analytics-next/bundles/schemaFilter.bundle.5c2661f67b4b71a6d9bd.js
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sun, 24 Mar 2024 19:38:37 GMT
x-amz-version-id
kiahtD.oWJep_Cq5q0CQJnntsP3p_4rS
content-encoding
br
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
age
1444984
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
x-amz-replication-status
COMPLETED
last-modified
Sat, 23 Mar 2024 18:35:08 GMT
server
AmazonS3
etag
W/"3867b2388b619ff7fddc29ef359fc9aa"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
vary
Accept-Encoding
x-amz-cf-id
zy4PB23fhplBxJ5XUbpOKfbK_pksMhC-KDXkQzKyQWzprWRGA-nydQ==
google-analytics.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/ 		16 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/google-analytics/2.18.5/google-analytics.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fdda2bf7d8e87b5ac90a791a5131a9811c207171107482857b67f6b8329854fb

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Fri, 23 Feb 2024 08:58:40 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-version-id
K4QGNkPJBd_QhAl8Ep7SDksdcNN7fIa5
x-amz-cf-pop
MUC50-P2
age
4075382
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
4743
last-modified
Wed, 18 Oct 2023 10:36:35 GMT
server
AmazonS3
etag
"36786f75981fc0efd629c4a89e1c78ec"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
h8vBMF33VpKLMo8I-xki2Ccq7m8AFOKLj7BXXnNMRNpwRQNcagvQtA==
facebook-pixel.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/facebook-pixel/2.11.5/facebook-pixel.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Tue, 20 Jun 2023 17:34:23 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-version-id
qdXzfb4GnmqZ9jlUvDFRxsDuV9F80jxN
x-amz-cf-pop
MUC50-P2
age
25471639
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
3273
last-modified
Wed, 03 May 2023 11:04:44 GMT
server
AmazonS3
etag
"4b03a476015c2ba9b9e74e895b97c12c"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
-iygRyM5fgWgk6zaXltsU46NUHwn-x-Ntr-dKWKIOj7EzTU1GMmjVg==
adwords.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/adwords/2.5.3/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/adwords/2.5.3/adwords.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Sat, 23 Sep 2023 18:18:23 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-version-id
kX7MQ8Dko4jLJ7bEXdgbdXt2lbAcAkqf
x-amz-cf-pop
MUC50-P2
age
17260999
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1356
last-modified
Wed, 06 Sep 2023 07:09:30 GMT
server
AmazonS3
etag
"257fe81df53dcd4819bc1a81e78fce58"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
1XwEMBYG6c43saLuNBBscdG5mX98fiJI6C5GARY3dfeLOzwkrnjvyw==
bing-ads.dynamic.js.gz
cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/ 		2 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/bing-ads/2.0.1/bing-ads.dynamic.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
fcc5947420bac95a9ee88dc4782ae6101a53a397e25b582b468979318eb71171

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 04 Sep 2023 09:46:01 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-version-id
MVLA9iad06LVd8fiFsf9oxDSJydtUdnx
x-amz-cf-pop
MUC50-P2
age
18933341
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
1135
last-modified
Thu, 27 Jul 2023 16:15:56 GMT
server
AmazonS3
etag
"9268c923e39afefe912025bc37ceb2f5"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
OvYV3JV5CyXvbUp2ZknbOhT2go1Sp0LRLkvU7YyJMjk8uwZ7dT5vKQ==
p
events-api.monarchmoney.com/v1/ 		21 B
333 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://events-api.monarchmoney.com/v1/p
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:5800:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
strict-transport-security
max-age=31536000
via
1.1 cb64e02e44588dfd13b2a4b2483c404c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.monarchmoney.com
content-length
21
x-amz-cf-id
Akfv8H96BPTMRqoAi3StMKHbPVBxX0WptzH2qJzUJrLQ6CRJWEDPeQ==
p
events-api.monarchmoney.com/v1/ 		21 B
333 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://events-api.monarchmoney.com/v1/p
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2600:9000:237d:5800:d:cf84:bb40:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software
/
Resource Hash
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
sec-ch-ua-platform
"Win32"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
strict-transport-security
max-age=31536000
via
1.1 cb64e02e44588dfd13b2a4b2483c404c.cloudfront.net (CloudFront)
x-amz-cf-pop
MUC50-P2
vary
Origin
x-cache
Miss from cloudfront
content-type
application/json
access-control-allow-origin
https://app.monarchmoney.com
content-length
21
x-amz-cf-id
7L3rOTuhjyAGemyHEesyuoF_IvQmLFkaMJgWaHNINx72-wdkMfv3UA==
commons.c42222c4cb2f8913500f.js.gz
cdn.segment.com/next-integrations/integrations/vendor/ 		73 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Requested by
Host: events-cdn.monarchmoney.com
URL: https://events-cdn.monarchmoney.com/v1/ihoJ7mL8TzTfXlye2rfexJPlMRZMQXiU/events-script
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.138.32.174 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-138-32-174.muc50.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Mon, 25 Mar 2024 01:55:59 GMT
content-encoding
gzip
via
1.1 a79cccd642ddc0038c3b0c4a9e7fcd6c.cloudfront.net (CloudFront)
x-amz-version-id
HopHKmY9TBcR3b.zdj3KrkRozUW9hj.F
x-amz-cf-pop
MUC50-P2
age
1422343
x-amz-server-side-encryption
AES256
x-cache
Hit from cloudfront
content-length
22177
last-modified
Fri, 08 Mar 2024 07:35:27 GMT
server
AmazonS3
etag
"befb217271e2e926c7d898f1c85f6cb7"
access-control-max-age
3000
access-control-allow-methods
GET, HEAD
content-type
application/javascript
access-control-allow-origin
*
cache-control
public,max-age=31536000,immutable
accept-ranges
bytes
x-amz-cf-id
GeAH_e3c1-Vt_rnBdemg5XFRrJblDpZC7ozV8hYwCSVWys_-rWQm5w==
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Wed, 10 Apr 2024 11:48:08 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
4413
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Wed, 10 Apr 2024 13:48:08 GMT
fbevents.js
connect.facebook.net/en_US/ 		218 KB
59 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
bda2cf571d7ea45f68afcdc87f968090dbf4bbdec2c7d6d19ce591b3980c296f
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 10 Apr 2024 13:01:41 GMT
document-policy
force-load-at-top
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
57850
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=38, rtx=0, c=12, mss=1294, tbw=2783, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
f+QLHEjgjpfEQ9Cv1QhsZcnYBStXa9N8ha48YlVTXX1ick4B0wkUgMqiFY7gxL002Do4khwHKbMagDWpiUBmFA==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
bat.js
bat.bing.com/ 		45 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/bat.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
date
Wed, 10 Apr 2024 13:01:40 GMT
last-modified
Thu, 29 Feb 2024 19:58:06 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: C2B4B625112C4BBC8FABB7716A28ED8C Ref B: FRA31EDGE0108 Ref C: 2024-04-10T13:01:41Z
etag
"01b4e9c496bda1:0"
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript
cache-control
private,max-age=1800
accept-ranges
bytes
content-length
13261
conversion_async.js
www.googleadservices.com/pagead/ 		50 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion_async.js
Requested by
Host: cdn.segment.com
URL: https://cdn.segment.com/next-integrations/integrations/vendor/commons.c42222c4cb2f8913500f.js.gz
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
f9633dfdb9cc6a64c188c436925e3ba676aab06065c04bc86b385ec2fec4c804
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
content-encoding
br
x-content-type-options
nosniff
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
18242
x-xss-protection
0
server
cafe
etag
16148772477301950350
vary
Accept-Encoding
content-type
text/javascript; charset=UTF-8
cache-control
private, max-age=3600
timing-allow-origin
*
expires
Wed, 10 Apr 2024 13:01:41 GMT
137022621.js
bat.bing.com/p/action/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://bat.bing.com/p/action/137022621.js
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/bat.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
2620:1ec:c11::237 , United States, ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
9457dc4b2bae047d2506e05e6e4231050832895af322a3c0b116991cb87092dc
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
br
date
Wed, 10 Apr 2024 13:01:40 GMT
accept-ch
Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref
Ref A: 00E2B7A136954A2CBEC72AE27CAD17B1 Ref B: FRA31EDGE0108 Ref C: 2024-04-10T13:01:41Z
vary
Accept-Encoding
x-cache
CONFIG_NOCACHE
content-type
application/javascript; charset=utf-8
cache-control
private,max-age=60
137022621
www.clarity.ms/tag/uet/ 		709 B
963 B 		Script
General
Check archive.org
Download Go to
Full URL
https://www.clarity.ms/tag/uet/137022621
Requested by
Host: bat.bing.com
URL: https://bat.bing.com/p/action/137022621.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2620:1ec:46::45 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
/
Resource Hash
1d3acec419599494b21364c5e83fbecefb34008422f5b865eafe1fc34da16a06

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

expires
-1
date
Wed, 10 Apr 2024 13:01:41 GMT
x-azure-ref
20240410T130141Z-164d799447dhj9zgdz9k324qsg000000073g00000000nbe1
x-cache
CONFIG_NOCACHE
content-type
application/x-javascript
cache-control
no-cache, no-store
accept-ranges
bytes
content-length
709
request-context
appId=cid-v1:e55edbbe-e22b-46b4-8313-9ee2a4e71d12
js
www.google-analytics.com/gtm/ 		122 KB
47 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/gtm/js?id=OPT-WL3C999&cid=1183087258.1712754101
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:802::200e Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
f5474a32b388c35a1d8bee76826e3071660f910d883229ece671d4cb5ea54ba4
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
47890
x-xss-protection
0
last-modified
Wed, 10 Apr 2024 12:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Wed, 10 Apr 2024 13:01:41 GMT
/
www.googleadservices.com/pagead/conversion/AW-794001205/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1712754101293&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
626901af7651de9c34624668bdf55348fd9280c1d5f4fee00b64e448427ec3bc
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:41 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1483
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.googleadservices.com/pagead/conversion/AW-794001205/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googleadservices.com/pagead/conversion/AW-794001205/?random=1712754101295&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&rfmt=3&fmt=4
Requested by
Host: www.googleadservices.com
URL: https://www.googleadservices.com/pagead/conversion_async.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.185.66 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra16s48-in-f2.1e100.net
Software
cafe /
Resource Hash
57fc6b403d789dfb9c63799fab650efd862da43f491ec1a4d09d44b6b7f78105
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:41 GMT
content-encoding
br
x-content-type-options
nosniff
server
cafe
content-type
text/javascript; charset=UTF-8
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, must-revalidate
cross-origin-resource-policy
cross-origin
content-disposition
attachment; filename="f.txt"
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
1495
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
2173781372941566
connect.facebook.net/signals/config/ 		57 KB
12 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/2173781372941566?v=2.9.153&r=stable&domain=app.monarchmoney.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f083:9:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
ee58c41638384f57396d1e4ed119ad530fed6c569573df0b38c05208d5fb1a19
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

content-security-policy
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Wed, 10 Apr 2024 13:01:41 GMT
document-policy
force-load-at-top
content-security-policy-report-only
default-src data: blob: chrome-extension: 'unsafe-inline' 'unsafe-eval';report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
EXCELLENT; q=0.9, rtt=46, rtx=0, c=63, mss=1294, tbw=63175, tp=-1, tpl=-1, uplat=83, ullat=0
pragma
public
x-fb-debug
Z4zEXpCOWEztFicvrO9VjvmEnWF7cH3Ygb8KuGGRprLuZojz+5ZrWKUgLeN2aET4p/W4hQ6JnqgFB9B+XhRLiw==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=...
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&...
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl_qvntq3hQMVSz4GAB2tBAB2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtq0I2P0CUj919_v9g0mByloYBXl6KTXw&random=673248392&resp=GooglemKTybQhCsO&ipr=y
Protocol
H3
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=804434333&cv=9&fst=1712754101295&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925%2C509562773%2C512247838&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAg&pscrd=IhMIl_qvntq3hQMVSz4GAB2tBAB2MgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtq0I2P0CUj919_v9g0mByloYBXl6KTXw&random=673248392&resp=GooglemKTybQhCsO&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
www.google.de/pagead/1p-conversion/AW-794001205/
Redirect Chain
  • https://googleads.g.doubleclick.net/pagead/viewthroughconversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_...
  • https://www.google.com/pagead/1p-conversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=...
  • https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2...
42 B
64 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8YKwntq3hQMVGiQGAB0KPwqZMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtqxoH_s9MQBE9pSzzFEZZJ1SVwaDzi1g&random=2746494089&resp=GooglemKTybQhCsO&ipr=y
Protocol
H3
Server
142.250.186.35 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
fra24s04-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
Content-Security-Policy script-src 'none'; object-src 'none'
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
de-DE,de;q=0.9
Referer
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT

Redirect headers

pragma
no-cache
date
Wed, 10 Apr 2024 13:01:41 GMT
content-security-policy
script-src 'none'; object-src 'none'
x-content-type-options
nosniff
server
cafe
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
location
https://www.google.de/pagead/1p-conversion/AW-794001205/?random=1971242207&cv=9&fst=1712754101293&num=1&guid=ON&resp=GooglemKTybQhCsO&eid=466465925&u_h=600&u_w=800&u_ah=600&u_aw=800&u_cd=24&u_his=2&u_tz=120&u_java=false&u_nplug=5&u_nmime=2&sendb=1&ig=1&frm=0&url=https%3A%2F%2Fapp.monarchmoney.com%2Flogin%3Froute%3D%252Faccounts%252Fdetails%252F164068825058880941&tiba=Monarch%20%7C%20Sign%20In&hn=www.googleadservices.com&uaa=x86&uab=64&uam=&uap=Win32&uapv=10.0.0&uaw=0&uafvl=Google%2520Chrome%3B123.0.6312.105%7CNot%253AA-Brand%3B8.0.0.0%7CChromium%3B123.0.6312.105&async=1&fmt=3&ct_cookie_present=false&sscte=1&crd=COG9sQIIscGxAgiwwbECCLnBsQIIl8GxAgiYwbEC&pscrd=IhMI8YKwntq3hQMVGiQGAB0KPwqZMgIIAzICCAQyAggHMgIICDICCAkyAggKMgIIAjICCAs&is_vtc=1&cid=CAQSGwB7FLtqxoH_s9MQBE9pSzzFEZZJ1SVwaDzi1g&random=2746494089&resp=GooglemKTybQhCsO&ipr=y
content-type
image/gif
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
/
evnt.byspotify.com/ 		2 B
18 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
Content-Type
application/json
Accept
application/json
Referer
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:41 GMT
via
1.1 google
access-control-allow-methods
GET, POST
content-type
application/json
access-control-allow-origin
*
access-control-allow-credentials
false
access-control-allow-headers
Content-Type, Accept
content-length
2
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
/
evnt.byspotify.com/ Frame 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://evnt.byspotify.com/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
34.111.186.1 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS
1.186.111.34.bc.googleusercontent.com
Software
/
Resource Hash

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type
Access-Control-Request-Method
POST
Origin
https://app.monarchmoney.com
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36

Response headers

access-control-allow-credentials
false
access-control-allow-headers
content-type
access-control-allow-methods
POST
access-control-allow-origin
https://app.monarchmoney.com
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
date
Wed, 10 Apr 2024 13:01:41 GMT
via
1.1 google
favicon.ico
app.monarchmoney.com/ 		15 KB
8 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://app.monarchmoney.com/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700:10::ac43:5c4 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f8f2538e22c79cb7dc4e0f946da89f14dde3c6fc8ed7e74ef32674f596e5e633
Security Headers
Name Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

date
Wed, 10 Apr 2024 13:01:42 GMT
content-security-policy
upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
x-content-type-options
nosniff
strict-transport-security
max-age=15552000; includeSubDomains
nel
{"report_to":"heroku-nel","max_age":3600,"success_fraction":0.005,"failure_fraction":0.05,"response_headers":["Via"]}
x-permitted-cross-domain-policies
none
cf-cache-status
EXPIRED
via
1.1 vegur
x-dns-prefetch-control
off
content-encoding
gzip
x-xss-protection
0
reporting-endpoints
heroku-nel=https://nel.heroku.com/reports?ts=1712754102&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=kIuJ8vfCXiULzCHwVv9Tgaa4OsQU4TZ42Ag2hzI8Z%2Bo%3D
referrer-policy
no-referrer
last-modified
Wed, 10 Apr 2024 12:34:54 GMT
server
cloudflare
etag
W/"3c2e-18ec80105b0"
expect-ct
max-age=0
x-frame-options
SAMEORIGIN
report-to
{"group":"heroku-nel","max_age":3600,"endpoints":[{"url":"https://nel.heroku.com/reports?ts=1712754102&sid=1b10b0ff-8a76-4548-befa-353fc6c6c045&s=kIuJ8vfCXiULzCHwVv9Tgaa4OsQU4TZ42Ag2hzI8Z%2Bo%3D"}]}
content-type
image/x-icon
vary
Accept-Encoding
x-download-options
noopen
cache-control
public, max-age=14400
cf-ray
8722ed503f135d45-FRA
collect
n.clarity.ms/ 		0
300 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://n.clarity.ms/collect
Requested by
Host: app.monarchmoney.com
URL: https://app.monarchmoney.com/static/js/494.65c6f4b5.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_256_GCM
Server
52.184.204.244 Boydton, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
nginx/1.18.0 (Ubuntu) /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

sec-ch-ua
"Google Chrome";v="123", "Not:A-Brand";v="8", "Chromium";v="123"
Accept
application/x-clarity-gzip
Referer
accept-language
de-DE,de;q=0.9
sec-ch-ua-mobile
?0
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/123.0.0.0 Safari/537.36
sec-ch-ua-platform
"Win32"

Response headers

Access-Control-Allow-Origin
https://app.monarchmoney.com
Date
Wed, 10 Apr 2024 13:01:42 GMT
Access-Control-Allow-Credentials
true
Server
nginx/1.18.0 (Ubuntu)
Connection
keep-alive
Vary
Origin
Request-Context
appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js
js.stripe.com/v3/fingerprinted/js/ 		0
0

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
n.clarity.ms
URL
https://n.clarity.ms/collect
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
api.monarchmoney.com
URL
https://api.monarchmoney.com/graphql
Domain
js.stripe.com
URL
https://js.stripe.com/v3/fingerprinted/js/trusted-types-checker-efd8cf45ce422659c098993bfc62531b.js

Verdicts & Comments Add Verdict or Comment

97 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| 2 object| 3 object| 4 object| 5 object| 6 object| analytics function| rdt function| spdt string| TiktokAnalyticsObject object| ttq function| clarity function| twq string| USERLEAP_ID function| UserLeap object| Plaid object| webpackJsonpPlaid object| _global object| _sentryDebugIds string| _sentryDebugIdIdentifier object| SENTRY_RELEASE object| webpackChunkweb object| regeneratorRuntime object| twttr object| configArgs number| pixelRatio number| width number| height object| screenSize object| labels function| Sprig object| webpackJsonp.TiktTokAnalytics object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| _jelly_sdks function| _ object| __SENTRY__ object| __APOLLO_CLIENT__ object| core function| setImmediate function| clearImmediate function| singularSdk function| SingularConfig function| Mousetrap object| webpackChunkStripeJSouter function| noop function| Stripe object| AppleID object| zEWebpackACJsonp function| zE function| zEmbed object| default_gsi object| _F_toggles object| google object| closure_lm_826540 boolean| zEACLoaded function| $zopim object| webpackChunk_segment_analytics_next string| analyticsWriteKey object| __SEGMENT_INSPECTOR__ object| AnalyticsNext object| google-analyticsDeps function| google-analyticsLoader object| facebook-pixelDeps function| facebook-pixelLoader object| bing-adsDeps function| bing-adsLoader object| adwordsDeps function| adwordsLoader object| webpackJsonp_name_Integration function| google-analyticsIntegration string| GoogleAnalyticsObject function| ga function| facebook-pixelIntegration function| _fbq function| fbq function| bing-adsIntegration object| uetq function| adwordsIntegration function| UET function| UET_init function| UET_push object| ueto_99dbca82b3 object| google_tag_data object| gaplugins object| gaGlobal object| gaData object| dataLayer function| GooglemKTybQhCsO function| google_trackConversion object| GooglebQhCsO object| __sentry_instrumentation_handlers__ object| google_tag_manager object| clarityuetq

29 Cookies

Domain/Path Name / Value
app.monarchmoney.com/accounts/details Name: ajs_anonymous_id
Value: a6d27825-d098-4375-a7bc-cba61c9f0f14
app.monarchmoney.com/ Name: __spdt
Value: 0a04866183b9476f9c36401dd65acef7
.monarchmoney.com/ Name: _rdt_uuid
Value: 1712754096440.09cb3ecd-8816-481a-bff1-5c065e79e3b0
.tiktok.com/ Name: _ttp
Value: 2euUk6Ifkw8US5qZ7inWLHHyNGk
www.clarity.ms/ Name: CLID
Value: bc1410466e80485889b2f7ac1cd2da73.20240410.20250410
.monarchmoney.com/ Name: _tt_enable_cookie
Value: 1
.monarchmoney.com/ Name: _ttp
Value: G3ldNyUhAfJh94MpNcCqn2G5rVk
.monarchmoney.com/ Name: _clck
Value: 17i337j%7C2%7Cfkt%7C0%7C1561
.twitter.com/ Name: guest_id_marketing
Value: v1%3A171275409659269696
.twitter.com/ Name: guest_id_ads
Value: v1%3A171275409659269696
.twitter.com/ Name: personalization_id
Value: "v1_QGwL2Vxp3dklxzPHaS+K3w=="
.twitter.com/ Name: guest_id
Value: v1%3A171275409659269696
.t.co/ Name: muc_ads
Value: 36d3a0e2-5931-4cc1-9826-f366a9de292c
.monarchmoney.com/ Name: singular_device_id
Value: f68473c1-9646-4548-bdc5-88f16e99403f
.monarchmoney.com/ Name: _clsk
Value: exul7o%7C1712754100233%7C2%7C1%7Cn.clarity.ms%2Fcollect
.monarchmoney.com/ Name: ajs_anonymous_id
Value: a6d27825-d098-4375-a7bc-cba61c9f0f14
.bing.com/ Name: MUID
Value: 280E7B492CC16CC1295C6F142D6D6D47
.c.bing.com/ Name: MR
Value: 0
.c.bing.com/ Name: SRM_B
Value: 280E7B492CC16CC1295C6F142D6D6D47
.c.clarity.ms/ Name: SM
Value: C
.clarity.ms/ Name: MUID
Value: 280E7B492CC16CC1295C6F142D6D6D47
.c.clarity.ms/ Name: MR
Value: 0
.c.clarity.ms/ Name: ANONCHK
Value: 0
.monarchmoney.com/ Name: _ga
Value: GA1.2.1183087258.1712754101
.monarchmoney.com/ Name: _gid
Value: GA1.2.1397622956.1712754101
.doubleclick.net/ Name: test_cookie
Value: CheckForPermission
m.stripe.com/ Name: m
Value: 5081bae7-767b-43f4-b9dc-e1808d9a4a7622a8ea
.app.monarchmoney.com/ Name: __stripe_mid
Value: e983b5ef-042b-4935-9a68-2fb3e0a36da2ae5f3d
.app.monarchmoney.com/ Name: __stripe_sid
Value: 48c87df2-9f4a-4086-945a-7a65e9dea75a78123e

33 Console Messages

Source Level URL
Text
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/accounts/details/164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://connect.facebook.net/signals/config/2173781372941566?v=2.9.153&r=stable&domain=app.monarchmoney.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105(Line 97)
Message:
Unrecognized feature: 'attribution-reporting'.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.
other warning URL: https://app.monarchmoney.com/login?route=%2Faccounts%2Fdetails%2F164068825058880941
Message:
Third-party cookie will be blocked. Learn more in the Issues tab.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy upgrade-insecure-requests;default-src 'self' *.plaid.com *.finicity.com *.mx.com *.stripe.com *.cloudinary.com;frame-ancestors 'self' www.reddit.com *.finicity.com;script-src 'self' 'unsafe-eval' 'unsafe-inline' *.monarchmoney.com *.monarchmoneystaging.com *.redditstatic.com *.googleadservices.com *.ads-twitter.com *.plaid.com *.finicity.com *.mx.com *.gstatic.com analytics.tiktok.com *.byspotify.com https://static.zdassets.com https://cdn.userleap.com https://cdn.plaid.com https://js.stripe.com https://apis.google.com https://appleid.cdn-apple.com https://cdn.plaid.com https://js.stripe.com https://checkout.stripe.com https://apis.google.com https://cdn.userleap.com https://appleid.cdn-apple.com https://static.zdassets.com https://rs.fullstory.com https://edge.fullstory.com https://www.google-analytics.com https://ssl.google-analytics.com https://google-analytics.com https://*.doubleclick.net https://stats.g.doubleclick.net https://*.google.com https://*.google.com.br https://*.googlesyndication.com https://*.googletagservices.com https://*.googleadservices.com www.googleadservices.com www.google-analytics.com https://connect.facebook.net https://graph.facebook.com https://js.facebook.com https://bat.bing.com https://r.bing.com https://browser.sentry-cdn.com https://js.sentry-cdn.com https://*.sentry.io edge.fullstory.com *.fullstory.com www.clarity.ms *.clarity.ms cdn.sprig.com cdn.segment.com 'report-sample' www.googletagmanager.com www.googleadservices.com www.google-analytics.com www.clarity.ms analytics.tiktok.com static.ads-twitter.com connect.facebook.net https://storage.googleapis.com/fini-widget/;style-src 'self' 'unsafe-inline' 'report-sample' checkout.stripe.com *.google.com https://www.gstatic.com www.gstatic.com *.gstatic.com *.bing.com;object-src *.googlesyndication.com;frame-src 'self' https://accounts.google.com https://portal.productboard.com *.stripe.com *.stripe.network *.google.com *.doubleclick.net *.googlesyndication.com *.facebook.com connect.facebook.net sdx.microsoft.com *.plaid.com *.finicity.com *.moneydesktop.com *.mx.com *.youtube.com https://app.usefini.com/;child-src 'self' data: *.google.com *.doubleclick.net *.googlesyndication.com www.googleadservices.com *.facebook.com connect.facebook.net;img-src 'self' data: blob: *.stripe.com www.googleadservices.com *.googleadservices.com https://res.cloudinary.com https://images.unsplash.com https://www.google-analytics.com https://rs.fullstory.com googletagmanager.com *.googletagmanager.com www.googletagmanager.com *.google-analytics.com https://www.google.com analytics.google.com *.doubleclick.net googleads.doubleclick.net googleads.g.doubleclick.net https://googleads.g.doubleclick.net *.doubleclick.net https://stats.g.doubleclick.net *.facebook.com *.facebook.net https://connect.facebook.net *.fbcdn.net *.bing.com *.microsoft.com *.clarity.ms monarch-static-assets.s3.amazonaws.com monarch-static-assets.s3.us-east-1.amazonaws.com analytics.pangle-ads.com monarch-api-production.s3.amazonaws.com *.redditstatic.com *.reddit.com *.ads-twitter.com https://t.co analytics.twitter.com https://analytics.twitter.com *.googleusercontent.com *.gstatic.com https://fonts.gstatic.com https://analytics.tiktok.com *.tiktok.com *.byspotify.com *.google.com *.google.ad *.google.ae *.google.com.af *.google.com.ag *.google.com.ai *.google.al *.google.am *.google.co.ao *.google.com.ar *.google.as *.google.at *.google.com.au *.google.az *.google.ba *.google.com.bd *.google.be *.google.bf *.google.bg *.google.com.bh *.google.bi *.google.bj *.google.com.bn *.google.com.bo *.google.com.br *.google.bs *.google.bt *.google.co.bw *.google.by *.google.com.bz *.google.ca *.google.cd *.google.cf *.google.cg *.google.ch *.google.ci *.google.co.ck *.google.cl *.google.cm *.google.cn *.google.com.co *.google.co.cr *.google.com.cu *.google.cv *.google.com.cy *.google.cz *.google.de *.google.dj *.google.dk *.google.dm *.google.com.do *.google.dz *.google.com.ec *.google.ee *.google.com.eg *.google.es *.google.com.et *.google.fi *.google.com.fj *.google.fm *.google.fr *.google.ga *.google.ge *.google.gg *.google.com.gh *.google.com.gi *.google.gl *.google.gm *.google.gr *.google.com.gt *.google.gy *.google.com.hk *.google.hn *.google.hr *.google.ht *.google.hu *.google.co.id *.google.ie *.google.co.il *.google.im *.google.co.in *.google.iq *.google.is *.google.it *.google.je *.google.com.jm *.google.jo *.google.co.jp *.google.co.ke *.google.com.kh *.google.ki *.google.kg *.google.co.kr *.google.com.kw *.google.kz *.google.la *.google.com.lb *.google.li *.google.lk *.google.co.ls *.google.lt *.google.lu *.google.lv *.google.com.ly *.google.co.ma *.google.md *.google.me *.google.mg *.google.mk *.google.ml *.google.com.mm *.google.mn *.google.ms *.google.com.mt *.google.mu *.google.mv *.google.mw *.google.com.mx *.google.com.my *.google.co.mz *.google.com.na *.google.com.ng *.google.com.ni *.google.ne *.google.nl *.google.no *.google.com.np *.google.nr *.google.nu *.google.co.nz *.google.com.om *.google.com.pa *.google.com.pe *.google.com.pg *.google.com.ph *.google.com.pk *.google.pl *.google.pn *.google.com.pr *.google.ps *.google.pt *.google.com.py *.google.com.qa *.google.ro *.google.ru *.google.rw *.google.com.sa *.google.com.sb *.google.sc *.google.se *.google.com.sg *.google.sh *.google.si *.google.sk *.google.com.sl *.google.sn *.google.so *.google.sm *.google.sr *.google.st *.google.com.sv *.google.td *.google.tg *.google.co.th *.google.com.tj *.google.tl *.google.tm *.google.tn *.google.to *.google.com.tr *.google.tt *.google.com.tw *.google.co.tz *.google.com.ua *.google.co.ug *.google.co.uk *.google.com.uy *.google.co.uz *.google.com.vc *.google.co.ve *.google.vg *.google.co.vi *.google.com.vn *.google.vu *.google.ws *.google.rs *.google.co.za *.google.co.zm *.google.co.zw *.google.cat monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com t.co googleads.g.doubleclick.net *.facebook.com https://storage.googleapis.com/fini-widget/ *.attribution.adswizz.com https://*.attribution.adswizz.com https://pixel.tapad.com https://*.tapad.com;font-src * data: blob: 'self' 'unsafe-inline';connect-src 'self' about: analytics.tiktok.com *.byspotify.com *.zendesk.com https://api.segment.io *.segment.io https://api.cloudinary.com https://api.monarchmoney.com https://api.monarchmoneystaging.com wss://api.monarchmoney.com wss://api.monarchmoneystaging.com https://features.monarchmoney.com https://features.monarchmoneystaging.com https://events-api.monarchmoney.com https://events-api.monarchmoneystaging.com https://monarchmoney.zendesk.com https://rs.fullstory.com https://edge.fullstory.com https://sdk.split.io https://auth.split.io https://streaming.split.io https://events.split.io https://ekr.zdassets.com https://api.sprig.com api.sprig.com https://sentry.io https://sdk-api-v1.singular.net *.stripe.com www.google-analytics.com stats.g.doubleclick.net ampcid.google.com analytics.google.com *.doubleclick.net *.google.com *.googlesyndication.com www.googletagservices.com *.facebook.com connect.facebook.net *.bing.com wss://*.bing.com *.clarity.ms sentry.io *.sentry.io www.redditstatic.com monarch-api-production.s3.amazonaws.com monarch-static-assets.s3.amazonaws.com monarch-api-staging2.s3.us-east-2.amazonaws.com reddit.com *.reddit.com *.ads-twitter.com cdn.sprig.com cdn.segment.com https://rum.browser-intake-datadoghq.com https://session-replay.browser-intake-datadoghq.com https://api.unsplash.com analytics.pangle-ads.com stats.g.doubleclick.net https://api.usefini.com/;manifest-src 'self';base-uri 'self';form-action 'self' *.google.com *.facebook.com connect.facebook.net;media-src 'self' data: dai.google.com;worker-src 'self' blob: www.google.com;report-uri https://o236174.ingest.sentry.io/api/4506858085744640/security/?sentry_key=b8be0ad8a511b04ca10c054828ceeb45
Strict-Transport-Security max-age=15552000; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

accounts.google.com
alb.reddit.com
analytics.tiktok.com
analytics.twitter.com
api.monarchmoney.com
api.sprig.com
app.monarchmoney.com
appleid.cdn-apple.com
bat.bing.com
c.bing.com
c.clarity.ms
cdn.plaid.com
cdn.segment.com
cdn.userleap.com
connect.facebook.net
ekr.zdassets.com
events-api.monarchmoney.com
events-cdn.monarchmoney.com
evnt.byspotify.com
features.monarchmoney.com
googleads.g.doubleclick.net
js.stripe.com
monarchmoney.zendesk.com
n.clarity.ms
pixel.byspotify.com
sdk-api-v1.singular.net
sentry.io
static.ads-twitter.com
static.zdassets.com
streaming.split.io
t.co
www.clarity.ms
www.google-analytics.com
www.google.com
www.google.de
www.googleadservices.com
www.redditstatic.com
api.monarchmoney.com
js.stripe.com
n.clarity.ms
104.16.53.111
104.18.70.113
104.18.72.113
104.244.42.131
104.244.42.133
108.138.32.174
108.138.36.16
13.33.187.42
142.250.185.66
142.250.186.35
146.75.120.157
151.101.129.140
151.101.64.176
18.173.187.121
184.30.208.159
2.17.147.82
2.18.64.26
216.58.206.68
2600:9000:20c3:fe00:9:a6e8:8080:93a1
2600:9000:237d:5800:d:cf84:bb40:93a1
2600:9000:26db:fa00:6:5671:b9c0:93a1
2606:4700:10::6816:3d79
2606:4700:10::ac43:5c4
2620:1ec:46::45
2620:1ec:c11::237
2a00:1450:4001:802::200e
2a00:1450:400c:c09::54
2a03:2880:f083:9:face:b00c:0:3
2a04:4e42:400::396
3.228.185.195
34.111.186.1
34.117.162.98
35.186.247.156
52.184.204.244
68.219.88.97
00559b39552432368b3a8ee4c4660e4ca135f2d94839028b67a7bd443b0d7624
0299fe3b788b70b13c94cda8b38542f2ab16bec27ed26b34295412f615c80e48
0857d11fef8be7a02171417365501f07d12e4d0fd4969a8ce43b9adffb7b1158
12f71cb993958eefc4bdb41d7dbbda490779a9c7aba448f7be52bb63912e0254
1a84151c25c961f96ff44075239a95633fae76ffb44e405b62af26a62419103d
1c7a13438386b27ae3874ff95ac5cb2ed21b805261427e9da870e93c35e788de
1d3acec419599494b21364c5e83fbecefb34008422f5b865eafe1fc34da16a06
2070e9ec5ea66461693a174cf782efa1090e0ca1988968cc1115d019e7b80a95
20c0114a672ac0b5b31a1c0100543a2306bf389816ab20774b66e8f7b30fb60c
22bcb5ce8f20c4125d1ed5bd09df18dd69c63583f84505a8193d5a18ff216b4d
2939d067bced6e2e3e43c1b10d2b067cb980410c2cc42fd3e867798a4a36c697
31892c21ae4fb908a875bbe29dbf0df74c2e84171cfbcac23540f3ad8222a35a
36b81b9b64f11e110bca24fb4f4b542f3d0433362cf83e1d341e229430483728
3cdfc45291898f113cf74b9db84cd914b2069a1bf948e51665789a627186f342
43a69bf8acf4aeee012a6f5a59b0c76ba1f8069bb82008849f284fa7a2db0344
44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
453587255e3306b50351d8120774686da9f8f49257ec71fbb786d2b2e22c50c5
4668a2555226e09b40487f4c0efa0e4aee02a4ee7307127d7013bed4dc29b949
482d1dd6e19c705493e390d6a3427887cfd2c47ec7ee7c85282370687a5ed2ee
4d15ff2317e16ccd8ca1d3248fea7d91130e022369bb032824a84ad9967064df
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
57fc6b403d789dfb9c63799fab650efd862da43f491ec1a4d09d44b6b7f78105
5f3f33dcc409983a443e7c7937c946cd406231dc3d64b985f9ea04a86627bdd6
60c90063596ad373d42396f5c88f936d39544f801968ac93c1fe15b3feca090f
626901af7651de9c34624668bdf55348fd9280c1d5f4fee00b64e448427ec3bc
689f21e9ea01f0c246cabcec04eb8f4acc6cb119b099f692a9a0f31bb09eec31
6c03914e8508cb6af00ba472eb252334c9a5d6ff1bfe7823c4364c08a4be130f
740bb313221bda5543b6fbe0bce3dd276cc70c4fd9aa0bae9d46b149406becf5
7474a3d08f329402de1a61a5d7e20fbd1dfc6d246557e2aef042ebb6b102cb42
80e2b7451c1fc1dea6d7c12cf689ca85b5f46155dd0823fe5d27214c54d09562
823804a7807864b44093a3843788f4cd076e89cf4a6fdeb8d153ae5c2c2df721
8356948d6f3bef342ff37a4deca7f6b64b58ca0b90ca128c1929c1bb76cc7a54
848312e324cb800ec839beaa658f151deb8365a43cd55a0bd30058c5448670d7
849caf8a45bf4b74df6ae5f9e16fa4ecb6a4434b62cd834b9c4f631c6839bf1d
86a590d25968e7fd492f88cda922d92181bfd543d56906bfe7785a464f1ed579
8be0d5bddc62b9cd2893335fe8c97074b6448494eff86ea3431c02916ba2dcac
8d7f4084a9e840a0072094bedaf18a51a4bff728018d1cd810fe7060af78377a
93b449763525f13633010ddce61b38378d1540ac14fa438699c98f7f82c6f5c2
9457dc4b2bae047d2506e05e6e4231050832895af322a3c0b116991cb87092dc
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
a48fd35c61908d912b5ac9e1face12e0962a0d9ecc8679e87db4031697cec54e
ac8778041fdb7f2e08ceb574c9a766247ea26f1a7d90fa854c4efcf4b361a957
b17b4a5cc840a366a4c006794502f887a316402f781f85e913ac4af19a93fc13
b1d4780bcf4ccc8f490c421d8ad49e0475ee1ecd92ec4b0736855a59c378104a
b5fd82d19e45a2998d5ae86aa40b5a8409695806d77ed22681cdde94693c0cd6
b95963e2f0fbf8eb7463870ebe01ea25daf8e13128cbba25edc36f1038ad5f5d
bb9618da0bda5d15a6063465f31d317ba61f7b3f4284eb6e92715fb0f47abf2a
bda2cf571d7ea45f68afcdc87f968090dbf4bbdec2c7d6d19ce591b3980c296f
c317eeaedde3bc303ff5e46985db180f2a54cd3159049df72c8082fbf5a6a1f7
c64da1db6462f07b0040c2ac421766b742d4cfe9e67cfab6dff3a66ec288f949
ca2000e8bfea9f1a65578b79ac87bd2c0f936bd27c6990677d5ab072f24946d3
ce337ec7dda4b3a741363a2673c7edce5c736f1660e2aa908131ecfd9dd1343f
d205d2b212c76b941704997298d9cf7e47dd407328c325f7f28cd7615eb429b7
d2fd60d2e910b8c256dab0c90c0dade58dd216eca76d0ff8f44e1ab12ce4eb08
da691c9121865cc84cb038acd5c8cc3b8adcd480c4f1edeaa8bbf8acd532ee0f
dc0c9e0cc02147dff32685f81f70ef7427b9f657d2d23f0d927bbd0534341fc3
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e12dbcca5967276713c5ac9d81bb6bbec9ca14ca3ee0b2211e1c362d5b6f8731
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e6370f9ea258a05b7c088eac81d2e1893aae1bcca1127bad9df02e125ff86c99
e6fa8e5c4ead3fe2cbd9f01169aba2e90dc25bf47c90d901a00bbbd11af4453d
ed6d3879e83eea603a014f1a6918ebfbec89aa7abc0abc1a51daee288a10715f
ee58c41638384f57396d1e4ed119ad530fed6c569573df0b38c05208d5fb1a19
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3daef9cbafb6f4fdb45a1ae5d15c4648e1612d0dc9a371bf9944c9f3b35415d
f5474a32b388c35a1d8bee76826e3071660f910d883229ece671d4cb5ea54ba4
f711615d80b0d3f4b6b1ff543646cb4c39b181c0180a30ac025eb79f237d6c67
f8f2538e22c79cb7dc4e0f946da89f14dde3c6fc8ed7e74ef32674f596e5e633
f9633dfdb9cc6a64c188c436925e3ba676aab06065c04bc86b385ec2fec4c804
fcc5947420bac95a9ee88dc4782ae6101a53a397e25b582b468979318eb71171
fdc333bb979e5bc4903094252254cd7d44252e03561fea65225246f880eb7621
fdda2bf7d8e87b5ac90a791a5131a9811c207171107482857b67f6b8329854fb