urlscan.io logo urlscan.io
SecurityTrails logo

cashback.santander.com.mx Open in urlscan Pro
45.60.197.69  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: http://cashback.santander.com.mx/
Effective URL: https://cashback.santander.com.mx/
Submission Tags: hades
Submission: On October 17 via api from ES — Scanned from ES
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 9 IPs in 5 countries across 7 domains to perform 49 HTTP transactions. The main IP is 45.60.197.69, located in United States and belongs to INCAPSULA, US. The main domain is cashback.santander.com.mx.
TLS certificate: Issued by GlobalSign Atlas R3 DV TLS CA 2024 Q4 on October 10th 2024. Valid for: 6 months.
This is the only time cashback.santander.com.mx was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
28 45.60.197.69 19551 (INCAPSULA)
2 2a00:1450:400... 15169 (GOOGLE)
9 104.19.147.8 13335 (CLOUDFLAR...)
5 104.126.37.129 20940 (AKAMAI-ASN1)
2 2001:4860:480... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 2a00:1450:400... 15169 (GOOGLE)
1 54.216.146.88 16509 (AMAZON-02)
49 9
28    45.60.197.69 (United States)

ASN19551 (INCAPSULA, US)
cashback.santander.com.mx
2    2a00:1450:4001:82f::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
9    104.19.147.8 (None, )

ASN13335 (CLOUDFLARENET, US)
script.crazyegg.com
5    104.126.37.129 (Frankfurt am Main, Germany)

ASN20940 (AKAMAI-ASN1, NL)
PTR: a104-126-37-129.deploy.static.akamaitechnologies.com
analytics.tiktok.com
2    2001:4860:4802:32::36 (United States)

ASN15169 (GOOGLE, US)
region1.analytics.google.com
1    2a00:1450:400c:c00::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    2a00:1450:4001:810::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)
www.google.es
1    54.216.146.88 (Dublin, Ireland)

ASN16509 (AMAZON-02, US)
PTR: ec2-54-216-146-88.eu-west-1.compute.amazonaws.com
tracking.crazyegg.com
Apex Domain
Subdomains		 Transfer
28 santander.com.mx
cashback.santander.com.mx
620 KB
10 crazyegg.com
script.crazyegg.com — Cisco Umbrella Rank: 2568
tracking.crazyegg.com — Cisco Umbrella Rank: 4786
236 KB
5 tiktok.com
analytics.tiktok.com — Cisco Umbrella Rank: 817
140 KB
2 google.com
region1.analytics.google.com — Cisco Umbrella Rank: 4401
2 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 39
213 KB
1 google.es
www.google.es — Cisco Umbrella Rank: 26285
408 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 136
552 B
49 7
Domain Requested by
28 cashback.santander.com.mx cashback.santander.com.mx
9 script.crazyegg.com www.googletagmanager.com
cashback.santander.com.mx
script.crazyegg.com
5 analytics.tiktok.com cashback.santander.com.mx
analytics.tiktok.com
2 region1.analytics.google.com cashback.santander.com.mx
2 www.googletagmanager.com cashback.santander.com.mx
www.googletagmanager.com
1 tracking.crazyegg.com cashback.santander.com.mx
1 www.google.es cashback.santander.com.mx
1 stats.g.doubleclick.net www.googletagmanager.com
49 8

This site contains no links.

Subject Issuer Validity Valid
imperva.com
GlobalSign Atlas R3 DV TLS CA 2024 Q4		 2024-10-10 -
2025-04-08		 6 months crt.sh
*.google-analytics.com
WR2		 2024-09-30 -
2024-12-23		 3 months crt.sh
script.crazyegg.com
Cloudflare Inc ECC CA-3		 2024-08-02 -
2024-12-31		 5 months crt.sh
*.tiktok.com
RapidSSL TLS ECC CA G1		 2024-07-15 -
2025-07-15		 a year crt.sh
*.g.doubleclick.net
WR2		 2024-09-24 -
2024-12-17		 3 months crt.sh
*.google.es
WR2		 2024-09-30 -
2024-12-23		 3 months crt.sh
crazyegg.com
Amazon RSA 2048 M03		 2024-05-24 -
2025-06-23		 a year crt.sh

This page contains 3 frames:

Primary Page: https://cashback.santander.com.mx/
Frame ID: 5B23C31B64681781D84D616993A6868A
Requests: 48 HTTP requests in this frame

Frame: https://cashback.santander.com.mx/error
Frame ID: AA1BBD9935F60ACFF1B4E6E75BFA59E7
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 6D248D9272BA13BDE5FDB4D7AD494632
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

CashBackBaby

Page URL History Show full URLs

  1. http://cashback.santander.com.mx/ HTTP 307
    https://cashback.santander.com.mx/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • script\.crazyegg\.com/pages/scripts/\d+/\d+\.js
Overall confidence: 100%
Detected patterns
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • /_Incapsula_Resource

Page Statistics

49
Requests

100 %
HTTPS

50 %
IPv6

7
Domains

8
Subdomains

9
IPs

5
Countries

1210 kB
Transfer

3892 kB
Size

23
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. http://cashback.santander.com.mx/ HTTP 307
    https://cashback.santander.com.mx/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

49 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
cashback.santander.com.mx/
Redirect Chain
  • http://cashback.santander.com.mx/
  • https://cashback.santander.com.mx/
15 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4795191e480062b52b217ff734f4a3464c9f001779b105fbc2d98ff9d5b37826
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36

Response headers

cache-control
private
content-encoding
gzip
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
content-type
text/html
date
Thu, 17 Oct 2024 07:00:27 GMT
etag
W/"67073a94-3b2f:dtagent102892403251030557uw6"
last-modified
Thu, 10 Oct 2024 02:23:15 GMT
referrer-policy
origin
server-timing
dtSInfo;desc="0", dtRpid;desc="340394116"
strict-transport-security
max-age=31536000; includeSubDomains; preload
vary
Accept-Encoding
x-cdn
Imperva
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN DENY
x-iinfo
11-161016124-161016132 NNNN CT(155 315 0) RT(1729148426653 39) q(0 0 5 1) r(7 7) U12
x-oneagent-js-injection
true
x-ruxit-js-agent
true
x-xss-protection
1; mode=block

Redirect headers

Location
https://cashback.santander.com.mx/
Non-Authoritative-Reason
HttpsUpgrades
ruxitagentjs_ICANVfqru_10289240325103055.js
cashback.santander.com.mx/dynatrace/ 		188 KB
74 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/dynatrace/ruxitagentjs_ICANVfqru_10289240325103055.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
eea713e829d062c466112eb11bfbae0d89d3e05bd4cd36dd1b4658ec7879e11b
Security Headers
Name Value
Content-Security-Policy ; ; ; ; ; ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
x-content-type-options
nosniff
expires
Fri, 17 Oct 2025 07:00:28 GMT
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
text/javascript; charset=utf-8
last-modified
Wed, 03 Mar 2010 07:01:40 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016227 2NNN RT(1729148426653 750) q(0 0 0 -1) r(0 6) U18
content-security-policy
; ; ; ; ; ;
cache-control
public, max-age=31536000, immutable
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
; ; ; ; ; ;
content-length
74856
x-xss-protection
1; mode=block
109.65716945f6a2b59d.js
cashback.santander.com.mx/resources/ 		465 KB
127 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/109.65716945f6a2b59d.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
637de24dfd2716c495cec7cc681dc1347398f82d722baaff351d3e7f64b45f05
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-742fb"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="947582928", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016229 2NNN RT(1729148426653 756) q(0 0 0 -1) r(0 6) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
146.184b3062e84e9803.js
cashback.santander.com.mx/resources/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/146.184b3062e84e9803.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
31af5f9bd9e220d0221b5758621adf004a65bac662eb24d44153d39a2af39503
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-28ad"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-358659449", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016232 2NNN RT(1729148426653 766) q(0 0 0 -1) r(0 6) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
278.de8e7f0de5f02226.js
cashback.santander.com.mx/resources/ 		1 KB
839 B 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/278.de8e7f0de5f02226.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d24e99fb22e2846e526512495c44dde9946dad8bb200b93952dbb4c96d3718ac
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-458"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-16385813", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016234 2NNN RT(1729148426653 778) q(0 0 0 -1) r(0 6) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
494.21e818bcb314c714.js
cashback.santander.com.mx/resources/ 		49 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/494.21e818bcb314c714.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
4ec1999d3162107816ae5c48d7e9f07cb86501f0aaf9c2ae23a85aed33990d4b
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-c4fe"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="376538813", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016236 2NNN RT(1729148426653 780) q(0 0 0 -1) r(0 7) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
600.4cd936cac754f90c.js
cashback.santander.com.mx/resources/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/600.4cd936cac754f90c.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e40e13d6145c23fffcc7584a15076d76c690fa6cdb5c6b07f97912c0dbf83bd9
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-1c43"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="1323615259", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016238 2NNN RT(1729148426653 782) q(0 0 0 -1) r(0 6) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
756.726ff3f6af69986b.js
cashback.santander.com.mx/resources/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/756.726ff3f6af69986b.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
3009534424dd1bb6150df0abb80490427a6f8716c42f2b5450e46bf57b074cd4
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-123c"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="2023419", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016238 2NNN RT(1729148426653 783) q(0 6 6 -1) r(7 7) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
83.5edc4cfb2a94f57c.js
cashback.santander.com.mx/resources/ 		41 KB
11 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/83.5edc4cfb2a94f57c.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
ee6b76a0fa965b1bebde4c11da53f83651b7d91ef9156ab89f256947255765e1
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-a2d2"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-496406035", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016232 2NNN RT(1729148426653 785) q(0 6 6 -1) r(7 7) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
common.a4ae4b73dcb71715.js
cashback.santander.com.mx/resources/ 		10 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/common.a4ae4b73dcb71715.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
aa1d3b874d16a1f5ddfeb112384c7adea4888e47ef85eb9c15b4a8c444608365
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-29ee"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-783300267", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016234 2NNN RT(1729148426653 786) q(0 6 6 -1) r(8 8) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
runtime.368d65e4ff551665.js
cashback.santander.com.mx/resources/ 		3 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/runtime.368d65e4ff551665.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
86e71be9fa7da2097c0e0d8281b04fb1b04512d2e6c5e0a36bccb62f99366f94
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-b6d"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-92492518", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016236 2NNN RT(1729148426653 787) q(0 7 7 -1) r(8 8) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
polyfills.1b42a26698a9e158.js
cashback.santander.com.mx/resources/ 		35 KB
13 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/polyfills.1b42a26698a9e158.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
82c06f3f952ccc7bbdfdecf5ce68b767abf12fc4b153e62aca2f840f7d6ffdcb
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-8c16"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="1311243160", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016238 2NNN RT(1729148426653 790) q(0 7 7 -1) r(9 9) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
scripts.a62e2e60f2b42088.js
cashback.santander.com.mx/resources/ 		59 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/scripts.a62e2e60f2b42088.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f4ec0bbfa2c53e3c381f4faf8f5b2fa0249cb8738e7b7182a29e8c5766a1e844
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-eb3d"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="993205200"
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016227 2NNN RT(1729148426653 1946) q(0 1 1 -1) r(2 2) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
main.18e26b4bac316ef8.js
cashback.santander.com.mx/resources/ 		554 KB
168 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/main.18e26b4bac316ef8.js
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
a943dd554f4ad23b5e961e6260e84a3d4f2689fc5f076c59c396d87014a81c02
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-8a9de"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-805326478", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:28 GMT
content-type
application/javascript
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016232 2NNN RT(1729148426653 791) q(0 8 8 -1) r(9 9) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
_Incapsula_Resource
cashback.santander.com.mx/ 		84 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/_Incapsula_Resource?SWJIYLWA=719d34d31c8e3a6e6fffd425f7e032f3&ns=1&cb=922864357
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
acb2f824d3b306fa87fdec9e8105244ff480fb6567053d78e65bade509ae2266

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

x-robots-tag
noindex
cache-control
no-cache, no-store
content-encoding
gzip
content-length
20565
content-type
application/javascript
styles.5c987f3dbc347b83.css
cashback.santander.com.mx/resources/ 		71 KB
12 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/styles.5c987f3dbc347b83.css
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1fb373308af9bd2f4c2f81f963ef950c2a0e2fadf5b139a08617368afa906fb6
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-11b08"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="850057068"
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
text/css
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016238 2NNN RT(1729148426653 1955) q(0 0 0 -1) r(1 1) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
SantanderText-Regular.woff2
cashback.santander.com.mx/assets/fonts/santander/ 		31 KB
31 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/assets/fonts/santander/SantanderText-Regular.woff2
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5c444cc35b67d5d43c90f5fb4c1e40e6cb4b89b67f0ba17d9c54c8c3467799a3
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

etag
"67073a94-7bf4:dtagent102892403251030557uw6"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-513789125", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
font/woff2
last-modified
Thu, 10 Oct 2024 02:23:15 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016132 PNNN RT(1729148426653 1964) q(0 0 0 -1) r(1 1) U12
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
accept-ranges
bytes
content-length
31732
x-xss-protection
1; mode=block
_Incapsula_Resource
cashback.santander.com.mx/ 		1 B
35 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cashback.santander.com.mx/_Incapsula_Resource?SWKMTFSR=1&e=0.8390781533003908
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

x-robots-tag
noindex
cache-control
no-cache, no-store
content-length
1
content-type
text/plain
styles.5c987f3dbc347b83.css
cashback.santander.com.mx/resources/ 		71 KB
0 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/resources/styles.5c987f3dbc347b83.css
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
1fb373308af9bd2f4c2f81f963ef950c2a0e2fadf5b139a08617368afa906fb6
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

x-iinfo
11-161016124-161016238 2NNN RT(1729148426653 1955) q(0 0 0 -1) r(1 1) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
content-encoding
gzip
etag
W/"67073a94-11b08"
x-cdn
Imperva
referrer-policy
origin
x-content-type-options
nosniff
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
server-timing
dtSInfo;desc="0", dtRpid;desc="850057068"
date
Thu, 17 Oct 2024 07:00:29 GMT
x-xss-protection
1; mode=block
content-type
text/css
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
gtm.js
www.googletagmanager.com/ 		432 KB
118 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/main.18e26b4bac316ef8.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
bc89928766168f1a5b61020c2047f7f14eae97354cc3449537f2d39c19950110
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:1080:0"}],}
expires
Thu, 17 Oct 2024 07:00:29 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
last-modified
Thu, 17 Oct 2024 06:00:00 GMT
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:1080:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
119954
x-xss-protection
0
server
Google Tag Manager
SantanderText-Regular.woff2
cashback.santander.com.mx/assets/fonts/santander/ 		31 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/assets/fonts/santander/SantanderText-Regular.woff2
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/styles.5c987f3dbc347b83.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
5c444cc35b67d5d43c90f5fb4c1e40e6cb4b89b67f0ba17d9c54c8c3467799a3
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

etag
"67073a94-7bf4:dtagent102892403251030557uw6"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-513789125", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
font/woff2
last-modified
Thu, 10 Oct 2024 02:23:15 GMT
x-frame-options
SAMEORIGIN, DENY
x-iinfo
11-161016124-161016132 PNNN RT(1729148426653 1964) q(0 0 0 -1) r(1 1) U12
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
accept-ranges
bytes
content-length
31732
x-xss-protection
1; mode=block
SantanderHeadline-Bold.woff
cashback.santander.com.mx/assets/fonts/santander/ 		69 KB
70 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/assets/fonts/santander/SantanderHeadline-Bold.woff
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/styles.5c987f3dbc347b83.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
27e88a4eb8816c793a911514ea3f66d980e5fe69f47116c233a6eb59275f5ab0
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

etag
"67073a94-1159a:dtagent102892403251030557uw6"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="1378600479", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
font/woff
last-modified
Thu, 10 Oct 2024 02:23:15 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016232 2NNN RT(1729148426653 2700) q(0 0 0 -1) r(2 2) U12
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
accept-ranges
bytes
content-length
71066
x-xss-protection
1; mode=block
SantanderText-Bold.woff2
cashback.santander.com.mx/assets/fonts/santander/ 		12 KB
0 		Font
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/assets/fonts/santander/SantanderText-Bold.woff2
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/styles.5c987f3dbc347b83.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

etag
"67073a94-7c6c:dtagent102892403251030557uw6"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-59152292", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
font/woff2
last-modified
Thu, 10 Oct 2024 02:23:15 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016554 NNNN CT(150 153 0) RT(1729148426653 2707) q(0 0 3 -1) r(5 5) U12
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
accept-ranges
bytes
content-length
31852
x-xss-protection
1; mode=block
place.svg
cashback.santander.com.mx/assets/images/empty-state/ 		7 KB
3 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://cashback.santander.com.mx/assets/images/empty-state/place.svg
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/pages/error/401
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b1aa2de49c36bccfc0bb74efeb6fe3865b259071c3bd377a103a3a3d32ee90e5
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
etag
W/"67073a94-1ace"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="1130583423"
date
Thu, 17 Oct 2024 07:00:29 GMT
content-type
image/svg+xml
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
vary
Accept-Encoding
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
11-161016124-161016132 PNNN RT(1729148426653 2694) q(0 0 0 -1) r(2 2) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
x-xss-protection
1; mode=block
3158.js
script.crazyegg.com/pages/scripts/0118/ 		7 KB
3 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/pages/scripts/0118/3158.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
821f55ca3b3c7fedf6d62899897fc2ff30b616ac455f1aa8cc3c33585856a47d

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

access-control-expose-headers
CE-Version
content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
cf-polished
origSize=6996
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
text/javascript
last-modified
Thu, 17 Oct 2024 06:58:58 GMT
vary
Accept-Encoding
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8d3e6978ce7fcc39-MAD
access-control-allow-origin
*
ce-version
11.5.299
server
cloudflare
events.js
analytics.tiktok.com/i18n/pixel/ 		10 KB
4 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CL7738BC77UFPNDA5JUG&lib=ttq
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
d39ef13a6813ac60808836b738207e409edd712b8ec4b9c8a8d05ad1012df5f1

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
x-cache-remote
TCP_MISS from a23-48-249-176.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
expires
Thu, 17 Oct 2024 07:00:30 GMT
server-timing
cdn-cache; desc=MISS, edge; dur=89, origin; dur=8, inner; dur=3
x-cache
TCP_MISS from a104-126-37-140.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
x-akamai-request-id
50779616.892cb1c
x-tt-trace-host
01c1afc45fa358698c37f6d390be515843a6026a4cc1eadb6e82cd8fa351500186e85f698acbaad69b89b619b394ff34a8924835d052c903700bc54d3a214d55258474a9a3c1d3c3eb220fcc13f09e5c39fa2357404a50acb6e40ad1a5433f284c8163f22a6555b921f6225a436c590fe3
x-origin-response-time
8,23.48.249.176
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
x-tt-trace-id
00-2410170700302174FF2F1F87CC1894ED-5CC5AEBF847E327B-00
x-parent-response-time
97,104.126.37.140
x-tt-logid
202410170700302174FF2F1F87CC1894ED
server
nginx
js
www.googletagmanager.com/gtag/ 		272 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-2EZ108TPQX&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:82f::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
b9c635dea9a1df68df50ff40f6816d6a8472d75dd6e174c3b5ab7999bf418e5a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
br
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascgcycc:838:0"}],}
expires
Thu, 17 Oct 2024 07:00:30 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
application/javascript; charset=UTF-8
vary
Accept-Encoding
access-control-allow-headers
Cache-Control
strict-transport-security
max-age=31536000; includeSubDomains
cache-control
private, max-age=900
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascgcycc:838:0
access-control-allow-origin
*
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
96699
x-xss-protection
0
server
Google Tag Manager
error
cashback.santander.com.mx/ Frame AA1B 		741 B
838 B 		Other
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/error
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/pages/error/401
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
9daa68250006c1e9237f47d5816563e82a41a326d9ee1c20a02b533d81779030

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
application/csp-report
Referer

Response headers

x-iinfo
11-161016124-0 0NNN RT(1729148426653 3319) q(0 -1 -1 -1) r(0 -1) B16 U6
cache-control
no-cache, no-store
content-length
741
content-type
text/html
SantanderText-Bold.woff
cashback.santander.com.mx/assets/fonts/santander/ 		44 KB
45 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/assets/fonts/santander/SantanderText-Bold.woff
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/styles.5c987f3dbc347b83.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
b9049ef97f8ff43dd02b8792daf059bd7f8558097baf73daa32a84b9cb44a8b1
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Origin
https://cashback.santander.com.mx
Referer
https://cashback.santander.com.mx/

Response headers

etag
"67073a94-af94:dtagent102892403251030557uw6"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="-2122157398", dtTao;desc="1"
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
font/woff
last-modified
Thu, 10 Oct 2024 02:23:15 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
12-191877625-191877630 2NNN RT(1729148430075 41) q(0 0 0 -1) r(0 4) U12
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
timing-allow-origin
*
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
accept-ranges
bytes
content-length
44948
x-xss-protection
1; mode=block
cashback.santander.com.mx.json
script.crazyegg.com/pages/data-scripts/0118/3158/site/ 		29 KB
6 KB 		XHR
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/pages/data-scripts/0118/3158/site/cashback.santander.com.mx.json?t=1
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/polyfills.1b42a26698a9e158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
ffe1667b4eebbdd155d715cbaaf34b961a018ac549ec894b6a3967d32442034a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

access-control-expose-headers
CE-Version
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
application/json
last-modified
Thu, 17 Oct 2024 07:00:30 GMT
vary
Accept-Encoding
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8d3e697b7cac666b-MAD
accept-ranges
bytes
access-control-allow-origin
*
content-length
5793
ce-version
11.5.299
server
cloudflare
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-2EZ108TPQX&gtm=45je4ag0v9187630074z8894594583za200zb894594583&_p=1729148429629&_gaz=1&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101686685&cid=1287846147.1729148431&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1729148430&sct=1&seg=0&dl=https%3A%2F%2Fcashback.santander.com.mx%2Fpages%2Ferror%2F401&dt=CashBackBaby&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3606
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/polyfills.1b42a26698a9e158.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://cashback.santander.com.mx
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
text/plain
server
Golfe2
collect
stats.g.doubleclick.net/g/ 		0
552 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-2EZ108TPQX&cid=1287846147.1729148431&gtm=45je4ag0v9187630074z8894594583za200zb894594583&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101686685
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-2EZ108TPQX&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:400c:c00::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:111:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:111:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://cashback.santander.com.mx
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
text/plain
server
Golfe2
ga-audiences
www.google.es/ads/ 		42 B
408 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.es/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-2EZ108TPQX&cid=1287846147.1729148431&gtm=45je4ag0v9187630074z8894594583za200zb894594583&aip=1&dma=1&dma_cps=syphamo&gcd=13l3l3l2l1l1&npa=1&frm=0&tag_exp=101686685&tag_exp=101686685&z=1635090817
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/pages/error/401
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a00:1450:4001:810::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
no-cache, no-store, must-revalidate
timing-allow-origin
*
pragma
no-cache
cross-origin-resource-policy
cross-origin
x-content-type-options
nosniff
expires
Fri, 01 Jan 1990 00:00:00 GMT
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
content-length
42
date
Thu, 17 Oct 2024 07:00:30 GMT
x-xss-protection
0
content-type
image/gif
server
cafe
truncated
/ Frame 6D24 		3 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
truncated
/ Frame 6D24 		5 KB
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer

Response headers

Content-Type
image/png
main.MTdkNGE4ZTU0MQ.js
analytics.tiktok.com/i18n/pixel/static/ 		341 KB
95 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/main.MTdkNGE4ZTU0MQ.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/events.js?sdkid=CL7738BC77UFPNDA5JUG&lib=ttq
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
4e9f6a80a2c5e548c6cdb6ab88151d457a77c8f33a626b3153aed2846b59a56a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

x-cache
TCP_MEM_HIT from a104-126-37-140.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=4
x-tt-trace-id
00-24101012580634788FF07707F903191A-58E74F705617A605-00
content-length
97105
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
2024101012580634788FF07707F903191A
server
nginx
x-akamai-request-id
892d1a9
x-tt-trace-host
01abdfe81352be9520d5df341ab0f6c760c4719334afaaf53b574e901a7e562e52a369e97709668dfe5ac0133cadf0b5d3a5bec804b9f2a3ceaf0210d08d091e1b457446aac246575a3b0c28c1d8bce2c01071ff6b73f4ca5f0f4fece6087781cf
ee80b5a911d336a575494633a4dff91d.js
script.crazyegg.com/pages/versioned/commontransformations-scripts/ 		149 KB
51 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/pages/versioned/commontransformations-scripts/ee80b5a911d336a575494633a4dff91d.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0118/3158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4ab822ad101fc8f9676ef6dba5c074982ea233d98b3fff5bb3ab73789305f198

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
age
30650
cf-polished
origSize=152414
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:30 GMT
content-type
text/javascript
last-modified
Tue, 08 Oct 2024 19:20:11 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
cf-ray
8d3e697d2ae6cc39-MAD
access-control-allow-origin
*
server
cloudflare
identify_7bf75739.js
analytics.tiktok.com/i18n/pixel/static/ 		146 KB
39 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/i18n/pixel/static/identify_7bf75739.js
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdkNGE4ZTU0MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

x-cache
TCP_MEM_HIT from a104-126-37-140.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
vary
Accept-Encoding
cache-control
public, max-age=31536000, immutable
content-encoding
gzip
x-tt-trace-tag
id=16;cdn-cache=hit;type=static
server-timing
cdn-cache; desc=HIT, edge; dur=0, origin; dur=0, inner; dur=2
x-tt-trace-id
00-240830022527CBF5A6BDAC95BF85457C-5FCCE23284D5383A-00
content-length
39498
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
application/javascript; charset=UTF-8
x-tt-logid
20240830022527CBF5A6BDAC95BF85457C
server
nginx
x-akamai-request-id
892d4d9
x-tt-trace-host
019cd81d430e382d22765268805daf2a1ed00bbf855ae9ed467d1da7885edad72cb00cb70985005c1de089a0a7fbb52c36fd8d02a4d9f7ae6ff597e3efb941b9bf875b60c3d790a2a84eec0c13cb20e8bea64ceb5ee2071c300573373bbc3698de
pixel
analytics.tiktok.com/api/v2/ 		0
875 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdkNGE4ZTU0MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://cashback.santander.com.mx/

Response headers

x-cache-remote
TCP_MISS from a23-48-249-176.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Thu, 17 Oct 2024 07:00:31 GMT
server-timing
cdn-cache; desc=MISS, edge; dur=96, origin; dur=85, inner; dur=82
x-cache
TCP_MISS from a104-126-37-140.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date
Thu, 17 Oct 2024 07:00:31 GMT
x-akamai-request-id
5077a32d.892d576
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c1afc45fa358698c37f6d390be515843a6026a4cc1eadb6e82cd8fa351500186e85f698acbaad69b89b619b394ff34a832d15ca39d039cd4ddbfa5717a92d420afa8672aac9752ee9421f68cf9ee98b38bd4afb975ba52df3ab44614dce4bdff1a67f5391eed63c8ae204b2ee97704ee
x-origin-response-time
86,23.48.249.176
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-24101707003103F27A84EFD0DC141CDB-262346485D1013B0-00
content-length
0
x-parent-response-time
174,104.126.37.140
x-tt-logid
2024101707003103F27A84EFD0DC141CDB
server
nginx
cashback.santander.com.mx.json
script.crazyegg.com/pages/data-scripts/0118/3158/sampling/ 		46 B
292 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/pages/data-scripts/0118/3158/sampling/cashback.santander.com.mx.json?t=1
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/polyfills.1b42a26698a9e158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
29d6b32f545f36a29ab83a4be5f92d4ebfb43a6dcc6457f7681a8478e5e8ea6c

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

access-control-expose-headers
CE-Version
content-encoding
gzip
cf-cache-status
MISS
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
application/json
last-modified
Thu, 17 Oct 2024 07:00:31 GMT
vary
Accept-Encoding
cache-control
public, max-age=300, s-maxage=1209600
timing-allow-origin
*
cf-ray
8d3e697e1f9a666b-MAD
accept-ranges
bytes
access-control-allow-origin
*
content-length
65
ce-version
11.5.299
server
cloudflare
act
analytics.tiktok.com/api/v2/pixel/ 		0
718 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://analytics.tiktok.com/api/v2/pixel/act
Requested by
Host: analytics.tiktok.com
URL: https://analytics.tiktok.com/i18n/pixel/static/main.MTdkNGE4ZTU0MQ.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
104.126.37.129 Frankfurt am Main, Germany, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
a104-126-37-129.deploy.static.akamaitechnologies.com
Software
nginx /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://cashback.santander.com.mx/

Response headers

access-control-allow-methods
GET,POST,PUT,PATCH,DELETE,HEAD,OPTIONS,UPDATE
expires
Thu, 17 Oct 2024 07:00:31 GMT
server-timing
inner; dur=16, cdn-cache; desc=MISS, edge; dur=11, origin; dur=106
x-cache
TCP_MISS from a104-126-37-140.deploy.akamaitechnologies.com (AkamaiGHost/11.6.5-0c617a4be13e71cac2c90d10d87ecf54) (-)
date
Thu, 17 Oct 2024 07:00:31 GMT
x-akamai-request-id
892d740
access-control-allow-headers
Authorization,*
x-tt-trace-host
01c1afc45fa358698c37f6d390be515843a6026a4cc1eadb6e82cd8fa3515001863551517516f5f1b0b2f4b7cc184536793c78a186545a2c3794fcfd8c53475e05035816ca2963e163c6420ed8902187c5f2b5df4c110befb857c2b5dd4f519a7a
x-origin-response-time
106,104.126.37.140
cache-control
max-age=0, no-cache, no-store
pragma
no-cache
x-tt-trace-tag
id=16;cdn-cache=miss;type=dyn
access-control-allow-origin
*
x-tt-trace-id
00-2410170700317C7BEE23FAF5BF1A7578-4E419A7C6FA71596-00
content-length
0
x-tt-logid
202410170700317C7BEE23FAF5BF1A7578
server
nginx
clock
tracking.crazyegg.com/ 		41 B
148 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://tracking.crazyegg.com/clock?t=1&tk=6ced750779fe8236415a485dea561f94&u=1183158&s=423145&p=%2Fpages%2Ferror%2F401&v=7eabc37abf3a5b34c5b421c594b6f41e35acc4df&f=cashback.santander.com.mx%2Fpages%2Ferror%2F*&ul=https%3A%2F%2Fcashback.santander.com.mx%2Fpages%2Ferror%2F401
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/polyfills.1b42a26698a9e158.js
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
54.216.146.88 Dublin, Ireland, ASN16509 (AMAZON-02, US),
Reverse DNS
ec2-54-216-146-88.eu-west-1.compute.amazonaws.com
Software
awselb/2.0 /
Resource Hash
45ad433b6cfb142302c57d16d171ab5fb6fa2233ea20a80783a494252e85aa2b

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
no-store
access-control-allow-origin
*
content-length
41
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
text/plain
server
awselb/2.0
favicon.ico
cashback.santander.com.mx/assets/images/ 		894 B
1 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/assets/images/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
d47719bf15cd65885a7874513fae908ab1310cce2e03dec293cbb566ad420cb5
Security Headers
Name Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

etag
"67073a94-37e"
x-content-type-options
nosniff
server-timing
dtSInfo;desc="0", dtRpid;desc="1096239158"
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
image/x-icon
last-modified
Thu, 10 Oct 2024 02:23:16 GMT
x-frame-options
SAMEORIGIN, DENY
strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
12-191877625-191877707 NNNN CT(154 155 0) RT(1729148430075 859) q(0 0 3 -1) r(5 5) U18
content-security-policy
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
x-cdn
Imperva
referrer-policy
origin
content-security-policy-report-only
script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self'; report-uri /error
accept-ranges
bytes
content-length
894
x-xss-protection
1; mode=block
51c1d44ef02049b8bd6c7c412b7622d1.js
script.crazyegg.com/pages/versioned/tracking-scripts/ 		95 KB
31 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/pages/versioned/tracking-scripts/51c1d44ef02049b8bd6c7c412b7622d1.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0118/3158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
3ea2a1c44caddb672fad2f2cf72e8b828cd2e1ddb099f10b7f72f1f93121d945

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
age
32239
cf-ray
8d3e6980ee49cc39-MAD
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
text/javascript
last-modified
Fri, 11 Oct 2024 16:53:10 GMT
vary
Accept-Encoding
server
cloudflare
5fc42c93de2eab0609c4aca20003d15e.js
script.crazyegg.com/pages/versioned/trackingpagestate-scripts/ 		20 KB
8 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/pages/versioned/trackingpagestate-scripts/5fc42c93de2eab0609c4aca20003d15e.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0118/3158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
public, max-age=31536000, s-maxage=31536000
timing-allow-origin
*
content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
age
32226
cf-ray
8d3e6980fe5ecc39-MAD
access-control-allow-origin
*
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
text/javascript
last-modified
Tue, 15 Oct 2024 19:27:12 GMT
vary
Accept-Encoding
server
cloudflare
index.js
script.crazyegg.com/scripts/addons/1.0.112/ 		897 B
716 B 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/scripts/addons/1.0.112/index.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0118/3158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9598e291a1015e2151d3a0a9b0623b1f1e5e614186cb867ffb39dd79ca44385a

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
age
95774
expires
Fri, 17 Oct 2025 07:00:31 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
application/javascript;charset=utf-8
last-modified
Mon, 26 Aug 2024 07:41:36 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
8d3e69818edfcc39-MAD
access-control-allow-origin
*
server
cloudflare
e1135c7f31a16440d5fc9944b7402d81.js
script.crazyegg.com/scripts/addons/thirdparty/ 		325 KB
82 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/scripts/addons/thirdparty/e1135c7f31a16440d5fc9944b7402d81.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0118/3158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
850b42447426e232e97c525df9bc3ac34a1c18d888c70b771d400306bfa4b954

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
age
95774
expires
Fri, 17 Oct 2025 07:00:31 GMT
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
application/javascript;charset=utf-8
last-modified
Mon, 26 Aug 2024 07:41:37 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
8d3e6981df1dcc39-MAD
access-control-allow-origin
*
server
cloudflare
cta.js
script.crazyegg.com/scripts/addons/1.0.112/ 		191 KB
55 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.crazyegg.com/scripts/addons/1.0.112/cta.js
Requested by
Host: script.crazyegg.com
URL: https://script.crazyegg.com/pages/scripts/0118/3158.js
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
104.19.147.8 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
b52f820f8daab7925de8ab9ca30c5f837d9126d6cb553258e46f4443eef6ea60

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Referer
https://cashback.santander.com.mx/

Response headers

content-encoding
gzip
cf-bgj
minify
cf-cache-status
HIT
age
95767
expires
Fri, 17 Oct 2025 07:00:31 GMT
cf-polished
origSize=195991
alt-svc
h3=":443"; ma=86400
server-timing
cfExtPri
date
Thu, 17 Oct 2024 07:00:31 GMT
content-type
application/javascript;charset=utf-8
last-modified
Mon, 26 Aug 2024 07:41:37 GMT
vary
Accept-Encoding
cache-control
public, max-age=31536000
timing-allow-origin
*
cf-ray
8d3e69829fd9cc39-MAD
access-control-allow-origin
*
server
cloudflare
rb_7c81adae-2a19-4bf4-88e2-5a5dee64e70c
cashback.santander.com.mx/dynatrace/ 		116 B
357 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/dynatrace/rb_7c81adae-2a19-4bf4-88e2-5a5dee64e70c?type=js3&sn=v_4_srv_34_sn_569520C67DF6C68FA825553B468A0525_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_rcs-3Acss_1&svrid=34&flavor=post&vi=EAFOSAKWPRGWVKJNKKJJJHUAQHRHATIM-0&modifiedSince=1729036453383&rf=https%3A%2F%2Fcashback.santander.com.mx%2F&bp=3&app=ea7c4b59f27d43eb&crc=627648574&en=e7knc3lf&end=1
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/dynatrace/ruxitagentjs_ICANVfqru_10289240325103055.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f98d1bede61d9ab91b85b8ee5f4108b7b1db18c317ae8b0dbd84c7f3c5a31593
Security Headers
Name Value
Content-Security-Policy ; ; ; ; ; ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

x-dtreferer
https://cashback.santander.com.mx/
Referer
https://cashback.santander.com.mx/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
12-191877625-191877707 PNYN RT(1729148430075 2320) q(0 1 1 -1) r(2 2) U6
content-security-policy
; ; ; ; ; ;
content-encoding
br
x-cdn
Imperva
referrer-policy
origin
x-content-type-options
nosniff
content-security-policy-report-only
; ; ; ; ; ;
date
Thu, 17 Oct 2024 07:00:32 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=utf-8
x-frame-options
SAMEORIGIN, DENY
rb_7c81adae-2a19-4bf4-88e2-5a5dee64e70c
cashback.santander.com.mx/dynatrace/ 		116 B
309 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://cashback.santander.com.mx/dynatrace/rb_7c81adae-2a19-4bf4-88e2-5a5dee64e70c?type=js3&sn=v_4_srv_34_sn_569520C67DF6C68FA825553B468A0525_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_rcs-3Acss_1&svrid=34&flavor=post&vi=EAFOSAKWPRGWVKJNKKJJJHUAQHRHATIM-0&modifiedSince=1729036453383&rf=https%3A%2F%2Fcashback.santander.com.mx%2Fpages%2Ferror%2F401&bp=3&app=ea7c4b59f27d43eb&crc=4063860868&en=e7knc3lf&end=1
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/dynatrace/ruxitagentjs_ICANVfqru_10289240325103055.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
45.60.197.69 , United States, ASN19551 (INCAPSULA, US),
Reverse DNS
Software
/
Resource Hash
f98d1bede61d9ab91b85b8ee5f4108b7b1db18c317ae8b0dbd84c7f3c5a31593
Security Headers
Name Value
Content-Security-Policy ; ; ; ; ; ;
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN, DENY
X-Xss-Protection 1; mode=block

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://cashback.santander.com.mx/

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
x-iinfo
12-191877625-191877707 PNYN RT(1729148430075 4347) q(0 0 0 -1) r(2 2) U6
content-security-policy
; ; ; ; ; ;
content-encoding
br
x-cdn
Imperva
referrer-policy
origin
x-content-type-options
nosniff
content-security-policy-report-only
; ; ; ; ; ;
date
Thu, 17 Oct 2024 07:00:34 GMT
x-xss-protection
1; mode=block
content-type
text/plain; charset=utf-8
x-frame-options
SAMEORIGIN, DENY
collect
region1.analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://region1.analytics.google.com/g/collect?v=2&tid=G-2EZ108TPQX&gtm=45je4ag0v9187630074z8894594583za200zb894594583&_p=1729148429629&gcd=13l3l3l2l1l1&npa=1&dma_cps=syphamo&dma=1&tag_exp=101686685&cid=1287846147.1729148431&ul=es-es&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&sid=1729148430&sct=1&seg=1&dl=https%3A%2F%2Fcashback.santander.com.mx%2Fpages%2Ferror%2F401&dt=CashBackBaby&_s=2&tfd=8631
Requested by
Host: cashback.santander.com.mx
URL: https://cashback.santander.com.mx/resources/polyfills.1b42a26698a9e158.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/129.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8
Referer
https://cashback.santander.com.mx/

Response headers

cache-control
no-cache, no-store, must-revalidate
pragma
no-cache
cross-origin-resource-policy
cross-origin
access-control-allow-credentials
true
content-security-policy-report-only
script-src 'none'; form-action 'none'; frame-src 'none'; report-uri https://csp.withgoogle.com/csp/scaffolding/ascnsrsggc:136:0
report-to
{"group":"coop_reporting","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/scaffolding/ascnsrsggc:136:0"}],}
expires
Fri, 01 Jan 1990 00:00:00 GMT
access-control-allow-origin
https://cashback.santander.com.mx
cross-origin-opener-policy-report-only
same-origin; report-to=coop_reporting
content-length
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
date
Thu, 17 Oct 2024 07:00:35 GMT
content-type
text/plain
server
Golfe2

Verdicts & Comments Add Verdict or Comment

207 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| dT_ object| dtrum object| dynatrace object| _0x521f function| _0xf521 object| numberA object| webpackChunknginx_cashback function| Zone function| __zone_symbol__Promise function| __zone_symbol__fetch function| __zone_symbol__setTimeout function| __zone_symbol__clearTimeout function| __zone_symbol__setInterval function| __zone_symbol__clearInterval function| __zone_symbol__requestAnimationFrame function| __zone_symbol__cancelAnimationFrame function| __zone_symbol__webkitRequestAnimationFrame function| __zone_symbol__webkitCancelAnimationFrame function| __zone_symbol__alert function| __zone_symbol__prompt function| __zone_symbol__confirm function| __zone_symbol__MutationObserver function| __zone_symbol__WebKitMutationObserver function| __zone_symbol__IntersectionObserver function| __zone_symbol__FileReader boolean| __zone_symbol__ononsearchpatched boolean| __zone_symbol__ononappinstalledpatched boolean| __zone_symbol__ononbeforeinstallpromptpatched boolean| __zone_symbol__ononbeforexrselectpatched boolean| __zone_symbol__ononabortpatched boolean| __zone_symbol__ononbeforeinputpatched boolean| __zone_symbol__ononbeforematchpatched boolean| __zone_symbol__ononbeforetogglepatched boolean| __zone_symbol__ononblurpatched boolean| __zone_symbol__ononcancelpatched boolean| __zone_symbol__ononcanplaypatched boolean| __zone_symbol__ononcanplaythroughpatched boolean| __zone_symbol__ononchangepatched boolean| __zone_symbol__ononclickpatched boolean| __zone_symbol__ononclosepatched boolean| __zone_symbol__ononcontentvisibilityautostatechangepatched boolean| __zone_symbol__ononcontextlostpatched boolean| __zone_symbol__ononcontextmenupatched boolean| __zone_symbol__ononcontextrestoredpatched boolean| __zone_symbol__ononcuechangepatched boolean| __zone_symbol__onondblclickpatched boolean| __zone_symbol__onondragpatched boolean| __zone_symbol__onondragendpatched boolean| __zone_symbol__onondragenterpatched boolean| __zone_symbol__onondragleavepatched boolean| __zone_symbol__onondragoverpatched boolean| __zone_symbol__onondragstartpatched boolean| __zone_symbol__onondroppatched boolean| __zone_symbol__onondurationchangepatched boolean| __zone_symbol__ononemptiedpatched boolean| __zone_symbol__ononendedpatched boolean| __zone_symbol__ononerrorpatched boolean| __zone_symbol__ononfocuspatched boolean| __zone_symbol__ononformdatapatched boolean| __zone_symbol__ononinputpatched boolean| __zone_symbol__ononinvalidpatched boolean| __zone_symbol__ononkeydownpatched boolean| __zone_symbol__ononkeypresspatched boolean| __zone_symbol__ononkeyuppatched boolean| __zone_symbol__ononloadpatched boolean| __zone_symbol__ononloadeddatapatched boolean| __zone_symbol__ononloadedmetadatapatched boolean| __zone_symbol__ononloadstartpatched boolean| __zone_symbol__ononmousedownpatched boolean| __zone_symbol__ononmouseenterpatched boolean| __zone_symbol__ononmouseleavepatched boolean| __zone_symbol__ononmousemovepatched boolean| __zone_symbol__ononmouseoutpatched boolean| __zone_symbol__ononmouseoverpatched boolean| __zone_symbol__ononmouseuppatched boolean| __zone_symbol__ononmousewheelpatched boolean| __zone_symbol__ononpausepatched boolean| __zone_symbol__ononplaypatched boolean| __zone_symbol__ononplayingpatched boolean| __zone_symbol__ononprogresspatched boolean| __zone_symbol__ononratechangepatched boolean| __zone_symbol__ononresetpatched boolean| __zone_symbol__ononresizepatched boolean| __zone_symbol__ononscrollpatched boolean| __zone_symbol__ononsecuritypolicyviolationpatched boolean| __zone_symbol__ononseekedpatched boolean| __zone_symbol__ononseekingpatched boolean| __zone_symbol__ononselectpatched boolean| __zone_symbol__ononslotchangepatched boolean| __zone_symbol__ononstalledpatched boolean| __zone_symbol__ononsubmitpatched boolean| __zone_symbol__ononsuspendpatched boolean| __zone_symbol__onontimeupdatepatched boolean| __zone_symbol__onontogglepatched boolean| __zone_symbol__ononvolumechangepatched boolean| __zone_symbol__ononwaitingpatched boolean| __zone_symbol__ononwebkitanimationendpatched boolean| __zone_symbol__ononwebkitanimationiterationpatched boolean| __zone_symbol__ononwebkitanimationstartpatched boolean| __zone_symbol__ononwebkittransitionendpatched boolean| __zone_symbol__ononwheelpatched boolean| __zone_symbol__ononauxclickpatched boolean| __zone_symbol__onongotpointercapturepatched boolean| __zone_symbol__ononlostpointercapturepatched boolean| __zone_symbol__ononpointerdownpatched boolean| __zone_symbol__ononpointermovepatched boolean| __zone_symbol__ononpointerrawupdatepatched boolean| __zone_symbol__ononpointeruppatched boolean| __zone_symbol__ononpointercancelpatched boolean| __zone_symbol__ononpointeroverpatched boolean| __zone_symbol__ononpointeroutpatched boolean| __zone_symbol__ononpointerenterpatched boolean| __zone_symbol__ononpointerleavepatched boolean| __zone_symbol__ononselectstartpatched boolean| __zone_symbol__ononselectionchangepatched boolean| __zone_symbol__ononanimationendpatched boolean| __zone_symbol__ononanimationiterationpatched boolean| __zone_symbol__ononanimationstartpatched boolean| __zone_symbol__onontransitionrunpatched boolean| __zone_symbol__onontransitionstartpatched boolean| __zone_symbol__onontransitionendpatched boolean| __zone_symbol__onontransitioncancelpatched boolean| __zone_symbol__ononafterprintpatched boolean| __zone_symbol__ononbeforeprintpatched boolean| __zone_symbol__ononbeforeunloadpatched boolean| __zone_symbol__ononhashchangepatched boolean| __zone_symbol__ononlanguagechangepatched boolean| __zone_symbol__ononmessagepatched boolean| __zone_symbol__ononmessageerrorpatched boolean| __zone_symbol__ononofflinepatched boolean| __zone_symbol__onononlinepatched boolean| __zone_symbol__ononpagehidepatched boolean| __zone_symbol__ononpageshowpatched boolean| __zone_symbol__ononpopstatepatched boolean| __zone_symbol__ononrejectionhandledpatched boolean| __zone_symbol__ononstoragepatched boolean| __zone_symbol__ononunhandledrejectionpatched boolean| __zone_symbol__ononunloadpatched boolean| __zone_symbol__onondevicemotionpatched boolean| __zone_symbol__onondeviceorientationpatched boolean| __zone_symbol__onondeviceorientationabsolutepatched boolean| __zone_symbol__ononpageswappatched boolean| __zone_symbol__ononpagerevealpatched boolean| __zone_symbol__ononscrollendpatched boolean| __zone_symbol__ononscrollsnapchangepatched boolean| __zone_symbol__ononscrollsnapchangingpatched function| __zone_symbol__queueMicrotask function| SwiperElementRegisterParams object| __zone_symbol__popstatefalse object| __zone_symbol__hashchangefalse object| dataLayer function| getAngularTestability function| getAllAngularTestabilities function| getAllAngularRootElements object| frameworkStabilizers object| __zone_symbol__resizefalse object| __zone_symbol__orientationchangefalse object| google_tag_manager object| google_tag_data object| __zone_symbol__loadfalse object| urlParams function| extractDomain function| createCookie string| TiktokAnalyticsObject object| ttq boolean| CE_USER_SCRIPT object| CE2 string| CE_USER_SITE_DATA_URL string| CE_USER_DATA_URL object| __zone_symbol__focusfalse object| __zone_symbol__blurfalse object| __zone_symbol__pageshowfalse object| __zone_symbol__pagehidefalse object| gaGlobal string| CE_USER_COMMON_SCRIPT_URL string| CE_USER_THIRDPARTY_SCRIPT_URL object| JSBridge object| Native2JSBridge object| ToutiaoJSBridge function| TiktokJelly object| __zone_symbol__beforeunloadfalse object| __zone_symbol__clicktrue object| __zone_symbol__scrolltrue object| _jelly_sdks object| __zone_symbol__pushState-CL7738BC77UFPNDA5JUGfalse object| __zone_symbol__replaceState-CL7738BC77UFPNDA5JUGfalse object| webpackChunkCE2 object| CE2BH function| CE_URL_FINGERPRINT string| __INDIVIDUAL_ONE_VERSION_ev-store_ENFORCE_SINGLETON object| __zone_symbol__loadtrue object| CE_API object| __zone_symbol__pageshowtrue object| __zone_symbol__messagefalse object| __zone_symbol__visibilitychangetrue object| __zone_symbol__beforeunloadtrue object| __zone_symbol__keydowntrue object| __zone_symbol__mousemovetrue object| __zone_symbol__mousedowntrue object| __zone_symbol__submittrue object| __zone_symbol__pagehidetrue function| __zone_symbol__addEventListener function| __zone_symbol__removeEventListener function| eventListeners function| removeAllListeners

23 Cookies

Domain/Path Name / Value
.santander.com.mx/ Name: dtCookie
Value: v_4_srv_34_sn_569520C67DF6C68FA825553B468A0525_perc_100000_ol_0_mul_1_app-3Aea7c4b59f27d43eb_1_rcs-3Acss_1
cashback.santander.com.mx/ Name: d85d80341ebd7476f25c516e6b18a6df
Value: cbc97ed31674561616a00cdb2afea5a9
.santander.com.mx/ Name: visid_incap_3038381
Value: Jmr0RJlFQDOOkhtPntQEygq2EGcAAAAAQUIPAAAAAACJBCQdSgVkpelRZK1I8pq5
.santander.com.mx/ Name: nlbi_3038381
Value: tivVROrMk1gmx0vWQxG6TwAAAABcaXi1QTaGopPQWcoPOnvZ
.santander.com.mx/ Name: incap_ses_1311_3038381
Value: khu8E7tnpQ11M1KAtZsxEgu2EGcAAAAAOFPI7Koogq4QxzL2uC7M1Q==
.santander.com.mx/ Name: rxVisitor
Value: 1729148429028JFR26HPTP78NQRBHCB6IS9F4VPAVS10K
.santander.com.mx/ Name: dtSa
Value: -
.santander.com.mx/ Name: _gcl_au
Value: 1.1.1330173208.1729148430
cashback.santander.com.mx/ Name: attr_source_cookie
Value: direct
.tiktok.com/ Name: _ttp
Value: 2nYSHpaXwdDEWlYkbq9wxRt3Nvq
.santander.com.mx/ Name: _ga
Value: GA1.1.1287846147.1729148431
.santander.com.mx/ Name: _ga_2EZ108TPQX
Value: GS1.1.1729148430.1.1.1729148430.60.0.0
.santander.com.mx/ Name: _tt_enable_cookie
Value: 1
.santander.com.mx/ Name: _ttp
Value: 5VWuKxHz_Giw8LtqNloPWtmtp5I
.santander.com.mx/ Name: cebs
Value: 1
.santander.com.mx/ Name: _ce.clock_event
Value: 1
.santander.com.mx/ Name: rxvt
Value: 1729150231351|1729148429031
.santander.com.mx/ Name: dtPC
Value: 34$548429021_27h-vEAFOSAKWPRGWVKJNKKJJJHUAQHRHATIM-0e0
.santander.com.mx/ Name: _ce.clock_data
Value: 49%2C185.183.106.155%2C1%2Ccd70ceeb4a1768030b1882c90242a428%2CChrome%2CES
.santander.com.mx/ Name: _CEFT
Value: Q%3D%3D%3D
.santander.com.mx/ Name: cebsp_
Value: 1
.santander.com.mx/ Name: _ce.s
Value: v~7eabc37abf3a5b34c5b421c594b6f41e35acc4df~lcw~1729148431489~vir~new~lva~1729148431228~vpv~0~v11.cs~423145~v11.s~7fbbaf10-8c55-11ef-92fe-45106560850f~lcw~1729148431490
cashback.santander.com.mx/ Name: ADC_Session
Value: !8pwdgeKeEjaQSEK0oAD0qxCB4iXTBQyTHsc2yAcaz14G0QPhcz/dLC/31R/8rpPLZyXFtuLS8mpH/Q==

15 Console Messages

Source Level URL
Text
security error URL: https://www.googletagmanager.com/
Message:
[Report Only] Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
security error URL: https://www.googletagmanager.com/
Message:
Refused to frame 'https://www.googletagmanager.com/' because it violates the following Content Security Policy directive: "default-src 'self'". Note that 'frame-src' was not explicitly set, so 'default-src' is used as a fallback.
network error URL: https://cashback.santander.com.mx/assets/fonts/santander/SantanderText-Bold.woff2
Message:
Failed to load resource: net::ERR_CONNECTION_CLOSED
network error URL: https://cashback.santander.com.mx/error
Message:
Failed to load resource: the server responded with a status of 403 ()
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').
security warning URL: https://www.googletagmanager.com/gtm.js?id=GTM-W33LPS5(Line 464)
Message:
Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('https://www.googletagmanager.com') does not match the recipient window's origin ('null').

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy script-src * 'unsafe-inline' 'unsafe-eval' 'self'; style-src * 'unsafe-inline'; img-src * data:; connect-src *; font-src *; default-src 'self';
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN DENY
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.tiktok.com
cashback.santander.com.mx
region1.analytics.google.com
script.crazyegg.com
stats.g.doubleclick.net
tracking.crazyegg.com
www.google.es
www.googletagmanager.com
104.126.37.129
104.19.147.8
2001:4860:4802:32::36
2a00:1450:4001:810::2003
2a00:1450:4001:82f::2008
2a00:1450:400c:c00::9a
45.60.197.69
54.216.146.88
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
1fb373308af9bd2f4c2f81f963ef950c2a0e2fadf5b139a08617368afa906fb6
27e88a4eb8816c793a911514ea3f66d980e5fe69f47116c233a6eb59275f5ab0
29d6b32f545f36a29ab83a4be5f92d4ebfb43a6dcc6457f7681a8478e5e8ea6c
3009534424dd1bb6150df0abb80490427a6f8716c42f2b5450e46bf57b074cd4
31af5f9bd9e220d0221b5758621adf004a65bac662eb24d44153d39a2af39503
3ea2a1c44caddb672fad2f2cf72e8b828cd2e1ddb099f10b7f72f1f93121d945
45ad433b6cfb142302c57d16d171ab5fb6fa2233ea20a80783a494252e85aa2b
4795191e480062b52b217ff734f4a3464c9f001779b105fbc2d98ff9d5b37826
4ab822ad101fc8f9676ef6dba5c074982ea233d98b3fff5bb3ab73789305f198
4e9f6a80a2c5e548c6cdb6ab88151d457a77c8f33a626b3153aed2846b59a56a
4ec1999d3162107816ae5c48d7e9f07cb86501f0aaf9c2ae23a85aed33990d4b
5c444cc35b67d5d43c90f5fb4c1e40e6cb4b89b67f0ba17d9c54c8c3467799a3
637de24dfd2716c495cec7cc681dc1347398f82d722baaff351d3e7f64b45f05
7701282ea59743a1d336ee5ede4e6805ca9572c28ad013fa956fb39f18de0d69
79951b5bd4d729a2b2f4d380819f2c14bbcf26f21db56a520189633467766cf4
821f55ca3b3c7fedf6d62899897fc2ff30b616ac455f1aa8cc3c33585856a47d
82c06f3f952ccc7bbdfdecf5ce68b767abf12fc4b153e62aca2f840f7d6ffdcb
850b42447426e232e97c525df9bc3ac34a1c18d888c70b771d400306bfa4b954
86e71be9fa7da2097c0e0d8281b04fb1b04512d2e6c5e0a36bccb62f99366f94
9598e291a1015e2151d3a0a9b0623b1f1e5e614186cb867ffb39dd79ca44385a
9daa68250006c1e9237f47d5816563e82a41a326d9ee1c20a02b533d81779030
a943dd554f4ad23b5e961e6260e84a3d4f2689fc5f076c59c396d87014a81c02
aa1d3b874d16a1f5ddfeb112384c7adea4888e47ef85eb9c15b4a8c444608365
acb2f824d3b306fa87fdec9e8105244ff480fb6567053d78e65bade509ae2266
b1aa2de49c36bccfc0bb74efeb6fe3865b259071c3bd377a103a3a3d32ee90e5
b52f820f8daab7925de8ab9ca30c5f837d9126d6cb553258e46f4443eef6ea60
b9049ef97f8ff43dd02b8792daf059bd7f8558097baf73daa32a84b9cb44a8b1
b9c635dea9a1df68df50ff40f6816d6a8472d75dd6e174c3b5ab7999bf418e5a
bc89928766168f1a5b61020c2047f7f14eae97354cc3449537f2d39c19950110
d24e99fb22e2846e526512495c44dde9946dad8bb200b93952dbb4c96d3718ac
d39ef13a6813ac60808836b738207e409edd712b8ec4b9c8a8d05ad1012df5f1
d47719bf15cd65885a7874513fae908ab1310cce2e03dec293cbb566ad420cb5
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e40e13d6145c23fffcc7584a15076d76c690fa6cdb5c6b07f97912c0dbf83bd9
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
ee6b76a0fa965b1bebde4c11da53f83651b7d91ef9156ab89f256947255765e1
eea713e829d062c466112eb11bfbae0d89d3e05bd4cd36dd1b4658ec7879e11b
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f4ec0bbfa2c53e3c381f4faf8f5b2fa0249cb8738e7b7182a29e8c5766a1e844
f98d1bede61d9ab91b85b8ee5f4108b7b1db18c317ae8b0dbd84c7f3c5a31593
ffe1667b4eebbdd155d715cbaaf34b961a018ac549ec894b6a3967d32442034a