urlscan.io logo urlscan.io
SecurityTrails logo

my.fisherfunds.co.nz Open in urlscan Pro
2606:4700::6813:d061  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://secure.kiwiwealth.co.nz/
Effective URL: https://my.fisherfunds.co.nz/
Submission: On August 10 via automatic, source certstream-suspicious — Scanned from NZ
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 17 IPs in 4 countries across 15 domains to perform 41 HTTP transactions. The main IP is 2606:4700::6813:d061, located in United States and belongs to CLOUDFLARENET, US. The main domain is my.fisherfunds.co.nz.
TLS certificate: Issued by DigiCert Global G2 TLS RSA SHA256 202... on July 30th 2024. Valid for: a year.
This is the only time my.fisherfunds.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 1 104.18.27.188 13335 (CLOUDFLAR...)
1 1 104.18.26.188 13335 (CLOUDFLAR...)
15 2606:4700::68... 13335 (CLOUDFLAR...)
1 18.67.110.104 16509 (AMAZON-02)
3 2404:6800:400... 15169 (GOOGLE)
1 2606:2800:147... 15133 (EDGECAST)
5 2001:4860:480... 15169 (GOOGLE)
1 108.158.32.86 16509 (AMAZON-02)
2 2a03:2880:f01... 32934 (FACEBOOK)
2 104.74.38.208 16625 (AKAMAI-AS)
2 108.158.32.59 16509 (AMAZON-02)
1 2607:f8b0:400... 15169 (GOOGLE)
1 2404:6800:400... 15169 (GOOGLE)
1 142.250.204.3 15169 (GOOGLE)
1 18.65.244.52 16509 (AMAZON-02)
2 2a03:2880:f11... 32934 (FACEBOOK)
2 20.213.196.212 8075 (MICROSOFT...)
1 52.48.14.101 ()
41 17
1    104.18.27.188 (None, )

ASN13335 (CLOUDFLARENET, US)
secure.kiwiwealth.co.nz
1    104.18.26.188 (None, )

ASN13335 (CLOUDFLARENET, US)
my.kiwiwealth.co.nz
15    2606:4700::6813:d061 (United States)

ASN13335 (CLOUDFLARENET, US)
my.fisherfunds.co.nz
1    18.67.110.104 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-110-104.syd62.r.cloudfront.net
downloads.atomic.io
3    2404:6800:4006:80f::2008 (Sydney, Australia)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
1    2606:2800:147:120f:30c:1ba0:fc6:265a (United States)

ASN15133 (EDGECAST, US)
az416426.vo.msecnd.net
5    2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
1    108.158.32.86 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-158-32-86.syd3.r.cloudfront.net
static.hotjar.com
2    2a03:2880:f019:116:face:b00c:0:3 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
connect.facebook.net
2    104.74.38.208 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a104-74-38-208.deploy.static.akamaitechnologies.com
munchkin.marketo.net
2    108.158.32.59 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-108-158-32-59.syd3.r.cloudfront.net
script.hotjar.com
1    2607:f8b0:4007:815::200e (United States)

ASN15169 (GOOGLE, US)
analytics.google.com
1    2404:6800:4003:c1a::9a (Singapore, Singapore)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    142.250.204.3 (United States)

ASN15169 (GOOGLE, US)
PTR: syd09s25-in-f3.1e100.net
www.google.co.nz
1    18.65.244.52 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-65-244-52.syd3.r.cloudfront.net
vc.hotjar.io
2    2a03:2880:f119:8083:face:b00c:0:25de (Sydney, Australia)

ASN32934 (FACEBOOK, US)
www.facebook.com
2    20.213.196.212 (Sydney, Australia)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)
dc.services.visualstudio.com
1    52.48.14.101 (None, )

ASN- ()
metrics.hotjar.io
Apex Domain
Subdomains		 Transfer
15 fisherfunds.co.nz
my.fisherfunds.co.nz
807 KB
5 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 104
21 KB
3 hotjar.com
static.hotjar.com — Cisco Umbrella Rank: 1335
script.hotjar.com — Cisco Umbrella Rank: 2017
63 KB
3 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 112
309 KB
2 visualstudio.com
dc.services.visualstudio.com — Cisco Umbrella Rank: 853
200 B
2 facebook.com
www.facebook.com — Cisco Umbrella Rank: 108
4 KB
2 hotjar.io
vc.hotjar.io — Cisco Umbrella Rank: 4716
metrics.hotjar.io
311 B
2 marketo.net
munchkin.marketo.net — Cisco Umbrella Rank: 8471
6 KB
2 facebook.net
connect.facebook.net — Cisco Umbrella Rank: 236
75 KB
2 kiwiwealth.co.nz
secure.kiwiwealth.co.nz
my.kiwiwealth.co.nz
718 B
1 google.co.nz
www.google.co.nz — Cisco Umbrella Rank: 20621
63 B
1 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 252
258 B
1 google.com
analytics.google.com — Cisco Umbrella Rank: 238
1 msecnd.net
az416426.vo.msecnd.net — Cisco Umbrella Rank: 5485
22 KB
1 atomic.io
downloads.atomic.io
35 KB
41 15
Domain Requested by
15 my.fisherfunds.co.nz my.fisherfunds.co.nz
5 www.google-analytics.com www.googletagmanager.com
my.fisherfunds.co.nz
az416426.vo.msecnd.net
3 www.googletagmanager.com my.fisherfunds.co.nz
www.googletagmanager.com
2 dc.services.visualstudio.com az416426.vo.msecnd.net
2 www.facebook.com my.fisherfunds.co.nz
2 script.hotjar.com static.hotjar.com
script.hotjar.com
2 munchkin.marketo.net my.fisherfunds.co.nz
munchkin.marketo.net
2 connect.facebook.net my.fisherfunds.co.nz
connect.facebook.net
1 metrics.hotjar.io static.hotjar.com
1 vc.hotjar.io az416426.vo.msecnd.net
1 www.google.co.nz my.fisherfunds.co.nz
1 stats.g.doubleclick.net www.googletagmanager.com
1 analytics.google.com my.fisherfunds.co.nz
1 static.hotjar.com my.fisherfunds.co.nz
1 az416426.vo.msecnd.net my.fisherfunds.co.nz
1 downloads.atomic.io my.fisherfunds.co.nz
1 my.kiwiwealth.co.nz 1 redirects
1 secure.kiwiwealth.co.nz 1 redirects
41 18

This site contains links to these domains. Also see Links.

Domain
fisherfunds.co.nz
Subject Issuer Validity Valid
*.fisherfunds.co.nz
DigiCert Global G2 TLS RSA SHA256 2020 CA1		 2024-07-30 -
2025-08-30		 a year crt.sh
atomic.io
Amazon RSA 2048 M02		 2024-03-05 -
2025-04-02		 a year crt.sh
*.google-analytics.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.vo.msecnd.net
DigiCert SHA2 Secure Server CA		 2024-06-06 -
2025-06-06		 a year crt.sh
*.hotjar.com
Amazon RSA 2048 M03		 2024-05-22 -
2025-06-20		 a year crt.sh
*.facebook.com
DigiCert SHA2 High Assurance Server CA		 2024-05-19 -
2024-08-17		 3 months crt.sh
*.marketo.net
DigiCert TLS RSA SHA256 2020 CA1		 2023-12-08 -
2024-12-11		 a year crt.sh
*.google.com
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.g.doubleclick.net
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.google.co.nz
WR2		 2024-07-30 -
2024-10-22		 3 months crt.sh
*.hotjar.io
Amazon ECDSA 256 M02		 2024-02-07 -
2025-03-08		 a year crt.sh
prod.ai.ingestion.msftcloudes.com
Microsoft Azure RSA TLS Issuing CA 03		 2024-06-24 -
2025-06-19		 a year crt.sh

This page contains 1 frames:

Primary Page: https://my.fisherfunds.co.nz/
Frame ID: A759573A93D33B99157AE014409E7D56
Requests: 41 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Login | Fisher Funds

Page URL History Show full URLs

  1. https://secure.kiwiwealth.co.nz/ HTTP 301
    https://my.kiwiwealth.co.nz/ HTTP 301
    https://my.fisherfunds.co.nz/ Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • //connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js
Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtm\.js
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • //static\.hotjar\.com/
Overall confidence: 100%
Detected patterns
  • munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

Page Statistics

41
Requests

100 %
HTTPS

44 %
IPv6

15
Domains

18
Subdomains

17
IPs

4
Countries

1344 kB
Transfer

4256 kB
Size

13
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://secure.kiwiwealth.co.nz/ HTTP 301
    https://my.kiwiwealth.co.nz/ HTTP 301
    https://my.fisherfunds.co.nz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

41 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request /
my.fisherfunds.co.nz/
Redirect Chain
  • https://secure.kiwiwealth.co.nz/
  • https://my.kiwiwealth.co.nz/
  • https://my.fisherfunds.co.nz/
5 KB
4 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
33f7f82239092fb4ca880e5879d6d43f42bb6f4cbc99d6f6da45f3d01d50efb2
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

cache-control
no-cache
cf-cache-status
DYNAMIC
cf-ray
8b0dbecf787a50a8-AKL
content-encoding
gzip
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
content-type
text/html; charset=utf-8
date
Sat, 10 Aug 2024 05:56:54 GMT
last-modified
Fri, 19 Jul 2024 02:21:52 GMT
server
cloudflare
strict-transport-security
max-age=31536000
vary
Accept-Encoding
x-content-type-options
nosniff
x-frame-options
SAMEORIGIN
x-nginx
MISS
x-xss-protection
1; mode=block

Redirect headers

cache-control
max-age=3600
cf-ray
8b0dbece6a9150bf-AKL
content-length
167
content-type
text/html
date
Sat, 10 Aug 2024 05:56:54 GMT
expires
Sat, 10 Aug 2024 06:56:54 GMT
location
https://my.fisherfunds.co.nz/
server
cloudflare
vary
Accept-Encoding
8.dacd8f1d.chunk.css
my.fisherfunds.co.nz/static/css/ 		118 KB
25 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0efb02954cf3d72ff4d67e90c8ef215db767b06156ecdea67dd412582a91cc03
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
content-encoding
gzip
age
8586230
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Mon, 08 Apr 2024 02:38:05 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
8b0dbed029aa50a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
main.7ceae3c4.chunk.css
my.fisherfunds.co.nz/static/css/ 		54 KB
13 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/css/main.7ceae3c4.chunk.css
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
d572237a09d748a6094d286148fe3f4d1ae6cecb612d76ddc8efcfd1d6e686ef
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
content-encoding
gzip
age
1913660
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jul 2024 02:21:53 GMT
server
cloudflare
vary
Accept-Encoding
x-frame-options
SAMEORIGIN
content-type
text/css
cache-control
public, max-age=31536000
cf-ray
8b0dbed029af50a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
sdk.js
downloads.atomic.io/web-sdk/release/1.6.1/ 		124 KB
35 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://downloads.atomic.io/web-sdk/release/1.6.1/sdk.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.67.110.104 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-67-110-104.syd62.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
29dfd5511d1fb658a1da4cb2e60345034cb1029fe301d241b7f855a02f545a09
Security Headers
Name Value
Content-Security-Policy report-uri https://routing-api.atomic.io/workbench-csp/report-enforced; default-src *.atomic.io; script-src *.atomic.io 'unsafe-eval' 'self' https://js.hs-analytics.net https://js.hs-scripts.com; object-src 'none'; child-src 'none'; frame-src blob:; worker-src 'self'; connect-src wss://50-9.client-api.atomic.io https://*.bugsnag.com https://js.hs-scripts.com https://track.hubspot.com https://*.atomic.io https://master-atomic-io.auth.us-east-1.amazoncognito.com https://cognito-idp.us-east-1.amazonaws.com https://637411d3-master-file-upload-scan-quarantine.s3.amazonaws.com https://637411d3-master-file-upload-scan-quarantine.s3.us-east-1.amazonaws.com; style-src 'unsafe-inline' *.atomic.io; font-src * data:; img-src * data:; media-src * data:; form-action 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests;
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-amz-version-id
vam5iQ4je77H8_niGvcYJY3m.H0IneEk
content-encoding
gzip
via
1.1 bc177ce25ddc555a7d303bc4d290a6ec.cloudfront.net (CloudFront)
date
Sat, 10 Aug 2024 01:49:28 GMT
x-content-type-options
nosniff
content-security-policy
report-uri https://routing-api.atomic.io/workbench-csp/report-enforced; default-src *.atomic.io; script-src *.atomic.io 'unsafe-eval' 'self' https://js.hs-analytics.net https://js.hs-scripts.com; object-src 'none'; child-src 'none'; frame-src blob:; worker-src 'self'; connect-src wss://50-9.client-api.atomic.io https://*.bugsnag.com https://js.hs-scripts.com https://track.hubspot.com https://*.atomic.io https://master-atomic-io.auth.us-east-1.amazoncognito.com https://cognito-idp.us-east-1.amazonaws.com https://637411d3-master-file-upload-scan-quarantine.s3.amazonaws.com https://637411d3-master-file-upload-scan-quarantine.s3.us-east-1.amazonaws.com; style-src 'unsafe-inline' *.atomic.io; font-src * data:; img-src * data:; media-src * data:; form-action 'none'; base-uri 'self'; frame-ancestors 'self'; upgrade-insecure-requests;
x-amz-cf-pop
SYD62-P2
age
14847
x-amz-server-side-encryption
AES256
strict-transport-security
max-age=31536000; includeSubDomains
x-cache
Hit from cloudfront
last-modified
Mon, 14 Aug 2023 20:53:26 GMT
server
AmazonS3
etag
W/"28e719781c8b1f7492ddc9cc9c6b74e0"
vary
accept-encoding
content-type
application/javascript
x-amz-cf-id
L9uyHrcG23XNd-MgYVYJoBLEBtvHZ1ozZXyrwhl4KJlPDEDSpSuDyA==
8.b2b8bb8d.chunk.js
my.fisherfunds.co.nz/static/js/ 		1 MB
418 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/js/8.b2b8bb8d.chunk.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5cbcee637a3e04c1acb8bc7b451289442d828c1dc672bf63ad603a3e53da8e23
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
age
1913660
content-encoding
gzip
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jul 2024 02:21:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8b0dbed039b250a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
main.c56f4925.chunk.js
my.fisherfunds.co.nz/static/js/ 		300 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/js/main.c56f4925.chunk.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
45380efd4fa4471f4b8206826eb482ad3bf9aa1ce0c044b719774233646fa171
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
age
1913660
content-encoding
gzip
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jul 2024 02:21:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8b0dbed039b350a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
gtm.js
www.googletagmanager.com/ 		301 KB
104 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtm.js?id=GTM-WTW9HHG
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80f::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
1d0ee80f98c224013dabb143f9819c5ec48dc67d1ce830f2a598e70c4b3c8b55
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
106011
x-xss-protection
0
last-modified
Sat, 10 Aug 2024 03:00:00 GMT
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Sat, 10 Aug 2024 05:56:54 GMT
ai.0.js
az416426.vo.msecnd.net/scripts/a/ 		94 KB
22 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2606:2800:147:120f:30c:1ba0:fc6:265a , United States, ASN15133 (EDGECAST, US),
Reverse DNS
Software
ECAcc (nwa/E79C) /
Resource Hash
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-ms-blob-type
BlockBlob
date
Sat, 10 Aug 2024 05:56:54 GMT
content-encoding
gzip
x-ms-meta-lastmodified
2020-10-01 19:31:04
content-md5
HdY95yzx9wIyQkVEGES+Ew==
age
1532
x-cache
HIT
content-length
22495
x-ms-lease-status
unlocked
last-modified
Thu, 11 Mar 2021 07:46:59 GMT
server
ECAcc (nwa/E79C)
etag
0x8D8E461DA1A5889
vary
Accept-Encoding
content-type
application/x-javascript
access-control-allow-origin
*
x-ms-request-id
a65a856c-501e-004b-77e6-ead112000000
access-control-expose-headers
x-ms-request-id,Server,x-ms-version,Content-Length,Date,Transfer-Encoding
cache-control
public, max-age=1800
x-ms-version
2009-09-19
expires
Sat, 10 Aug 2024 06:26:54 GMT
2.d51cf685.chunk.js
my.fisherfunds.co.nz/static/js/ 		106 KB
32 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/js/2.d51cf685.chunk.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
9d0a7e5439a18c5f8cf2587232ca73691e5c8c5a7aceb0a0c9df830d14bc0c6c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
age
1913660
content-encoding
gzip
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jul 2024 02:21:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8b0dbed27e8250a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
1.5f12e827.chunk.js
my.fisherfunds.co.nz/static/js/ 		242 KB
58 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/js/1.5f12e827.chunk.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
bbdb3c36ecde60df0d9631175cd7106f72f8cc6ee1e712e9ecb69d9d1735b3f3
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
age
1913660
content-encoding
gzip
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jul 2024 02:21:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8b0dbed27e8b50a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
11.6704de9f.chunk.js
my.fisherfunds.co.nz/static/js/ 		732 B
476 B 		Script
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/js/11.6704de9f.chunk.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0588c842a7fe51b66095cb32907a9964b9b50499683633beb02b0b72f29623d1
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
age
1913660
content-encoding
gzip
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Fri, 19 Jul 2024 02:21:53 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
cache-control
public, max-age=31536000
cf-ray
8b0dbed27e8d50a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
MetricWeb-Medium.50f600a0.woff2
my.fisherfunds.co.nz/static/media/ 		37 KB
37 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/media/MetricWeb-Medium.50f600a0.woff2
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
cd88b6984d1fc3ce763c4678b745ee6894d8a4e7ee9221629c242cb3697f1e34
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Origin
https://my.fisherfunds.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 05:56:54 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
cf-cache-status
HIT
age
8595801
x-nginx
MISS
content-length
37665
x-xss-protection
1; mode=block
last-modified
Tue, 19 Mar 2024 17:14:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b0dbed28eae50a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
extend-session
my.fisherfunds.co.nz/api/ 		61 B
970 B 		Fetch
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/api/extend-session
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/js/8.b2b8bb8d.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
4a537aed91a1446bd6954dfd8e549b57c59329aebba0235ef370c37523f7d008
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://nexus-websocket-a.intercom.io https://*.intercom.io https://js.intercomcdn.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://js.intercomcdn.com data:; img-src 'self' https://static.intercomassets.com https://*.intercomcdn.com https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com data:;

Request headers

RequestVerificationToken
undefined
Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
application/json

Response headers

request-context
appId=cid-v1:15f41aa3-d500-48ff-ab85-921fe43480bb
pragma
no-cache
date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' wss://nexus-websocket-a.intercom.io https://*.intercom.io https://js.intercomcdn.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://js.intercomcdn.com data:; img-src 'self' https://static.intercomassets.com https://*.intercomcdn.com https://www.google-analytics.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com data:;
cf-cache-status
DYNAMIC
server
cloudflare
content-type
application/json; charset=utf-8
access-control-expose-headers
Request-Context
cache-control
no-cache
cf-ray
8b0dbed28e9f50a8-AKL
content-length
61
expires
-1
fisher-funds-logo.dd1898cb.svg
my.fisherfunds.co.nz/static/media/ 		10 KB
5 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://my.fisherfunds.co.nz/static/media/fisher-funds-logo.dd1898cb.svg
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
31054f4df33d690c8505c39b9dc30314b70ebe2d6ccb510ad399da085e9eefe9
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/login?returnUrl=/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:54 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
cf-cache-status
HIT
age
8586229
content-encoding
gzip
x-nginx
MISS
x-xss-protection
1; mode=block
last-modified
Tue, 19 Mar 2024 17:14:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/svg+xml
cache-control
public, max-age=31536000
cf-ray
8b0dbed33ff350a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
MetaSerifWebPro-Medium.c9e8bdd1.woff
my.fisherfunds.co.nz/static/media/ 		75 KB
75 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/media/MetaSerifWebPro-Medium.c9e8bdd1.woff
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
8db3eac2e2cdbbc64d815ad21734de6abbc701d2bd9b2172ea611f9c0c72f1d5
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Origin
https://my.fisherfunds.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 05:56:54 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
cf-cache-status
HIT
age
8586146
x-nginx
HIT
content-length
76296
x-xss-protection
1; mode=block
last-modified
Mon, 08 Apr 2024 02:38:06 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b0dbed3787e50a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
truncated
/ 		303 B
0 		Image
General
Check archive.org
Download Go to Show image
Full URL
data:truncated
Protocol
DATA
Server
-, , ASN (),
Reverse DNS
Software
/
Resource Hash
7d4abeb4e1909ecd4db5de150cc6c620937df52b1967f9dded3aee184d8c9d27

Request headers

Referer
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Content-Type
image/svg+xml
MetricWeb-Regular.f35a51d7.woff2
my.fisherfunds.co.nz/static/media/ 		39 KB
39 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/media/MetricWeb-Regular.f35a51d7.woff2
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
13ae6cbc8c269019c0a1c379dd4db8e805130f2e55f8e86c1490bed4da62957f
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Origin
https://my.fisherfunds.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 05:56:54 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
cf-cache-status
HIT
age
3242441
x-nginx
MISS
content-length
39781
x-xss-protection
1; mode=block
last-modified
Tue, 19 Mar 2024 17:14:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b0dbed3788550a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
MetricWeb-Semibold.96a0880a.woff2
my.fisherfunds.co.nz/static/media/ 		40 KB
40 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/static/media/MetricWeb-Semibold.96a0880a.woff2
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e4c6c2b2620b9aaf65aa1aa6f4b2846d1f7e8b1e4c255c28d7fb065cdd90a378
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/static/css/8.dacd8f1d.chunk.css
Origin
https://my.fisherfunds.co.nz
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 05:56:54 GMT
x-content-type-options
nosniff
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
cf-cache-status
HIT
age
3253390
x-nginx
HIT
content-length
40809
x-xss-protection
1; mode=block
last-modified
Tue, 19 Mar 2024 17:14:38 GMT
server
cloudflare
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
application/octet-stream
cache-control
public, max-age=31536000
accept-ranges
bytes
cf-ray
8b0dbed3788950a8-AKL
expires
Sun, 10 Aug 2025 05:56:54 GMT
js
www.googletagmanager.com/gtag/ 		293 KB
98 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-0NJE8CCJTD&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WTW9HHG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80f::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
337ad0a4120336e6c7c3a25f6d8cfb712f73a4818f942fc2cc1dc6d2753249e2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
99861
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 10 Aug 2024 05:56:55 GMT
js
www.googletagmanager.com/gtag/ 		332 KB
108 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=G-NZNYX5X33S&l=dataLayer&cx=c
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WTW9HHG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4006:80f::2008 Sydney, Australia, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
6caf1000516d2b335c5df0003b58df135c8871870766b3d5f1c69b1c1f22ae1a
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:55 GMT
content-encoding
br
strict-transport-security
max-age=31536000; includeSubDomains
server
Google Tag Manager
vary
Accept-Encoding
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
access-control-allow-headers
Cache-Control
content-length
110075
x-xss-protection
0
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires
Sat, 10 Aug 2024 05:56:55 GMT
analytics.js
www.google-analytics.com/ 		52 KB
21 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-WTW9HHG
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=31536000; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 04:01:48 GMT
last-modified
Tue, 12 Dec 2023 18:09:08 GMT
server
Golfe2
age
6907
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
20994
expires
Sat, 10 Aug 2024 06:01:48 GMT
hotjar-1362987.js
static.hotjar.com/c/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://static.hotjar.com/c/hotjar-1362987.js?sv=6
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.158.32.86 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-158-32-86.syd3.r.cloudfront.net
Software
/
Resource Hash
9ba322f4f398fc0751784f6dea130cb4c5232bf06ee05eb2610dec108afc403a
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

strict-transport-security
max-age=2592000; includeSubDomains
content-encoding
br
x-content-type-options
nosniff
date
Sat, 10 Aug 2024 05:56:55 GMT
via
1.1 a082000327c728caebeae45146987f26.cloudfront.net (CloudFront)
x-amz-cf-pop
SYD3-P2
etag
W/3f756a22240c1f1317f7212804b1cb42
vary
Accept-Encoding
x-cache
RefreshHit from cloudfront
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
x-cache-hit
1
cache-control
max-age=60
cross-origin-resource-policy
cross-origin
x-amz-cf-id
E9sJg0y5gn7uCZbp7ZukU5sz00a76KrSIIpbLhMLkxH639brupvZ4A==
fbevents.js
connect.facebook.net/en_US/ 		225 KB
60 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/en_US/fbevents.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f019:116:face:b00c:0:3 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 10 Aug 2024 05:56:55 GMT
document-policy
force-load-at-top
x-fb-server-load
30
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
58865
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
MODERATE; q=0.3, rtt=186, rtx=0, c=12, mss=1368, tbw=2779, tp=-1, tpl=-1, uplat=0, ullat=-1
pragma
public
x-fb-debug
DDukJ9XfecQLBQIDK0WETJfVSqv51a0K9q9m7ofP/ol5vOil6gW0OnXYEKDZGD39hMScxuwMWF7oDP5QZsp58A==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
munchkin.js
munchkin.marketo.net/ 		1 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/munchkin.js
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.74.38.208 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-74-38-208.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 10 Aug 2024 05:56:55 GMT
Content-Encoding
gzip
Last-Modified
Fri, 17 Mar 2023 01:24:48 GMT
Server
AkamaiNetStorage
ETag
"cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
729
munchkin.js
munchkin.marketo.net/163/ 		11 KB
5 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://munchkin.marketo.net/163/munchkin.js
Requested by
Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
104.74.38.208 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a104-74-38-208.deploy.static.akamaitechnologies.com
Software
AkamaiNetStorage /
Resource Hash
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

Date
Sat, 10 Aug 2024 05:56:55 GMT
Content-Encoding
gzip
Last-Modified
Fri, 06 Jan 2023 02:26:40 GMT
Server
AkamaiNetStorage
ETag
"ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary
Accept-Encoding
Content-Type
application/x-javascript
P3P
policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control
max-age=8640000
Connection
keep-alive
Accept-Ranges
bytes
Content-Length
4741
Expires
Mon, 18 Nov 2024 05:56:55 GMT
modules.8da33a8f469c3b5ffcec.js
script.hotjar.com/ 		223 KB
56 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1362987.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.158.32.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-158-32-59.syd3.r.cloudfront.net
Software
/
Resource Hash
76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Tue, 30 Jul 2024 14:23:07 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2886e4c3f0ae51eca00bc6ca8a0f5226.cloudfront.net (CloudFront)
x-amz-cf-pop
SYD3-P2
age
920029
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
56385
last-modified
Tue, 30 Jul 2024 14:22:40 GMT
etag
"0728625a147ca79276a1790b9cf3175d"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
7cDaEasxjHHI13JZ6jV2zFE8QeIyGhPzbKlL8UwRad6JKEjoHThZmQ==
collect
analytics.google.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://analytics.google.com/g/collect?v=2&tid=G-0NJE8CCJTD&gtm=45je4880v872855478z8810189486za200zb810189486&_p=1723269414447&_gaz=1&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1597846909.1723269416&ul=en-nz&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723269416&sct=1&seg=0&dl=https%3A%2F%2Fmy.fisherfunds.co.nz%2Flogin%3FreturnUrl%3D%2F&dt=Login%20%7C%20Fisher%20Funds&en=page_view&_fv=1&_nsi=1&_ss=1&ep.path_clean=%2Flogin&tfd=2190
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/js/8.b2b8bb8d.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4007:815::200e , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 10 Aug 2024 05:56:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://my.fisherfunds.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/g/ 		0
258 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/g/collect?v=2&tid=G-0NJE8CCJTD&cid=1597846909.1723269416&gtm=45je4880v872855478z8810189486za200zb810189486&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0NJE8CCJTD&l=dataLayer&cx=c
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2404:6800:4003:c1a::9a Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 10 Aug 2024 05:56:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://my.fisherfunds.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.co.nz/ads/ 		42 B
63 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.co.nz/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-0NJE8CCJTD&cid=1597846909.1723269416&gtm=45je4880v872855478z8810189486za200zb810189486&aip=1&dma=0&gcd=13l3l3l3l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=1593020743
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Protocol
H3
Security
QUIC, , AES_128_GCM
Server
142.250.204.3 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
syd09s25-in-f3.1e100.net
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 10 Aug 2024 05:56:56 GMT
x-content-type-options
nosniff
server
cafe
content-type
image/gif
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
timing-allow-origin
*
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/g/ 		0
0 		Fetch
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/g/collect?v=2&tid=G-NZNYX5X33S&gtm=45je4880v892599788z8810189486za200zb810189486&_p=1723269414447&gcd=13l3l3l3l1&npa=0&dma=0&tag_exp=0&cid=1597846909.1723269416&ul=en-nz&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&frm=0&pscdl=noapi&_s=1&sid=1723269416&sct=1&seg=0&dl=https%3A%2F%2Fmy.fisherfunds.co.nz%2Flogin%3FreturnUrl%3D%2F&dt=Login%20%7C%20Fisher%20Funds&en=page_view&_fv=1&_ss=1&ep.path_clean=%2Flogin&tfd=2289
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/static/js/8.b2b8bb8d.chunk.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Sat, 10 Aug 2024 05:56:56 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://my.fisherfunds.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		3 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j101&a=758555324&t=pageview&_s=1&dl=https%3A%2F%2Fmy.fisherfunds.co.nz%2Flogin%3FreturnUrl%3D%2F&ul=en-nz&de=UTF-8&dt=Login%20%7C%20Fisher%20Funds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=904410120&gjid=751497576&cid=1597846909.1723269416&tid=UA-1051181-16&_gid=408136976.1723269416&_r=1&_slc=1&gtm=45He4880n81WTW9HHGv810189486za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&z=80816384
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Sat, 10 Aug 2024 05:56:56 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://my.fisherfunds.co.nz
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
3
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
194 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=758555324&t=pageview&_s=1&dl=https%3A%2F%2Fmy.fisherfunds.co.nz%2Flogin%3FreturnUrl%3D%2F&dp=%2F%2F&ul=en-nz&de=UTF-8&dt=Login%20%7C%20Fisher%20Funds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=&gjid=&cid=1597846909.1723269416&tid=UA-1051181-16&_gid=408136976.1723269416&gtm=45He4880n81WTW9HHGv810189486za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&z=1243070665
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Aug 2024 19:08:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
38919
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/ 		35 B
91 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google-analytics.com/collect?v=1&_v=j101&a=758555324&t=pageview&_s=1&dl=https%3A%2F%2Fmy.fisherfunds.co.nz%2Flogin%3FreturnUrl%3D%2F&dp=%2F%2Flogin&ul=en-nz&de=UTF-8&dt=Login%20%7C%20Fisher%20Funds&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YCDACEABBAAAACAAI~&jid=&gjid=&cid=1597846909.1723269416&tid=UA-1051181-16&_gid=408136976.1723269416&gtm=45He4880n81WTW9HHGv810189486za200&gcd=13l3l3l3l1&dma=0&tag_exp=0&z=636820908
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

pragma
no-cache
date
Fri, 09 Aug 2024 19:08:17 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
age
38919
content-type
image/gif
access-control-allow-origin
*
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
35
expires
Mon, 01 Jan 1990 00:00:00 GMT
1362987
vc.hotjar.io/sessions/ 		0
231 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://vc.hotjar.io/sessions/1362987?s=0.25&r=0.22931891129975268
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
18.65.244.52 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-18-65-244-52.syd3.r.cloudfront.net
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-origin
*
date
Sat, 10 Aug 2024 05:56:56 GMT
cache-control
no-store
via
1.1 de78b5b2f4bbd9bb1abd6bed27a85d78.cloudfront.net (CloudFront)
x-amz-cf-pop
SYD3-P1
x-amz-cf-id
vA0r08Lf4lBHX3kOObkXGoS7WsMQtk4euKjHinoNNluEReMpcxVMVg==
x-cache
Miss from cloudfront
browser-perf.8417c6bba72228fa2e29.js
script.hotjar.com/ 		5 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://script.hotjar.com/browser-perf.8417c6bba72228fa2e29.js
Requested by
Host: script.hotjar.com
URL: https://script.hotjar.com/modules.8da33a8f469c3b5ffcec.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
108.158.32.59 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-108-158-32-59.syd3.r.cloudfront.net
Software
/
Resource Hash
70712c8650feecc46403b5801b9d5b72d5b2d6ba1d1cf0317e105603982321bf
Security Headers
Name Value
Strict-Transport-Security max-age=2592000; includeSubDomains
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sun, 11 Feb 2024 04:39:54 GMT
content-encoding
br
x-content-type-options
nosniff
strict-transport-security
max-age=2592000; includeSubDomains
via
1.1 2886e4c3f0ae51eca00bc6ca8a0f5226.cloudfront.net (CloudFront)
x-amz-cf-pop
SYD3-P2
age
15643022
x-cache
Hit from cloudfront
cross-origin-resource-policy
cross-origin
content-length
1782
last-modified
Fri, 09 Feb 2024 15:32:06 GMT
etag
"b83b61bc5871e9a23a0434e2c539f4f3"
vary
Accept-Encoding
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
cache-control
max-age=31536000
accept-ranges
bytes
x-robots-tag
none
x-amz-cf-id
LIs15nymdaTSTljptQKP9awOChl8a-Yk2wgQzOMPSEyTZASNlp_yMg==
140051566643217
connect.facebook.net/signals/config/ 		72 KB
15 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://connect.facebook.net/signals/config/140051566643217?v=2.9.164&r=stable&domain=my.fisherfunds.co.nz&hme=61ff4e692c87a9a2ce7b19822df2b04638e3ca38b23c1be6c0f1945ccadb2ad5&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C167%2C170%2C182%2C178%2C179%2C181%2C29%2C98%2C52%2C75%2C180%2C162%2C165%2C175%2C176%2C183%2C127%2C40%2C34%2C139%2C15%2C49%2C189%2C188%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C163%2C166%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110
Requested by
Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f019:116:face:b00c:0:3 Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
6b2a42554314a50430720118dcf24575c2c5858c8885be62e8b621487c200557
Security Headers
Name Value
Content-Security-Policy default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security max-age=31536000; preload; includeSubDomains
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

content-security-policy
default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding
gzip
x-content-type-options
nosniff
strict-transport-security
max-age=31536000; preload; includeSubDomains
date
Sat, 10 Aug 2024 05:56:56 GMT
document-policy
force-load-at-top
x-fb-server-load
27
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
15445
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
MODERATE; q=0.3, rtt=182, rtx=0, c=62, mss=1368, tbw=64372, tp=-1, tpl=-1, uplat=1, ullat=-1
pragma
public
x-fb-debug
GZ9JaFsh3+KSdTd2E5liJUFAhvF8TIWZOMw0HWFHZxsOKL7srmJeiA2K6REY75MqbM2dOI63k2iaSVttoCAwfQ==
cross-origin-embedder-policy-report-only
require-corp;report-to="coep_report"
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
application/x-javascript; charset=utf-8
x-frame-options
DENY
cache-control
public, max-age=1200
permissions-policy
accelerometer=(), attribution-reporting=(), autoplay=(), battery=(self), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin
*
expires
Sat, 01 Jan 2000 00:00:00 GMT
/
www.facebook.com/tr/ 		0
274 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/tr/?id=140051566643217&ev=PageView&dl=https%3A%2F%2Fmy.fisherfunds.co.nz&rl=&if=false&ts=1723269416766&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4124&fbp=fb.2.1723269416761.3225484330790547&cs_est=true&pm=1&hrl=d220dc&ler=empty&cdl=API_unavailable&it=1723269416528&coo=false&cs_cc=1&rqm=GET
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f119:8083:face:b00c:0:25de Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
proxygen-bolt /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality
MODERATE; q=0.3, rtt=179, rtx=0, c=10, mss=1368, tbw=2785, tp=-1, tpl=-1, uplat=1, ullat=0
strict-transport-security
max-age=31536000; includeSubDomains
date
Sat, 10 Aug 2024 05:56:57 GMT
server
proxygen-bolt
content-type
text/plain
access-control-allow-origin
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
content-length
0
/
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 		67 B
4 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=140051566643217&ev=PageView&dl=https%3A%2F%2Fmy.fisherfunds.co.nz&rl=&if=false&ts=1723269416766&sw=1600&sh=1200&v=2.9.164&r=stable&ec=0&o=4124&fbp=fb.2.1723269416761.3225484330790547&cs_est=true&pm=1&hrl=d220dc&ler=empty&cdl=API_unavailable&it=1723269416528&coo=false&cs_cc=1&rqm=FGET
Requested by
Host: my.fisherfunds.co.nz
URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2a03:2880:f119:8083:face:b00c:0:25de Sydney, Australia, ASN32934 (FACEBOOK, US),
Reverse DNS
Software
/
Resource Hash
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
Security Headers
Name Value
Content-Security-Policy default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security max-age=15552000; preload
X-Content-Type-Options nosniff
X-Frame-Options DENY
X-Xss-Protection 0

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

attribution-reporting-register-trigger
{"event_trigger_data":[{"trigger_data":"0"}],"aggregatable_trigger_data":[{"key_piece":"0x94118f357bcbb6b1","source_keys":["1"]}],"aggregatable_values":{"1":10922},"filters":{"2":["24:4251939091581978","24:6402153733159740","24:3647856331974879","24:3925911880786873","24:4738937359514086","24:3583425665067531","24:5062260600514567","24:3352235451536900","7830:4251939091581978","7830:6402153733159740","7830:3647856331974879","7830:3925911880786873","7830:4738937359514086","7830:3583425665067531","7830:5062260600514567","7830:3352235451536900","10853:4251939091581978","10853:6402153733159740","10853:3647856331974879","10853:3925911880786873","10853:4738937359514086","10853:3583425665067531","10853:5062260600514567","10853:3352235451536900","41:4251939091581978","41:6402153733159740","41:3647856331974879","41:3925911880786873","41:4738937359514086","41:3583425665067531","41:5062260600514567","41:3352235451536900","8046:4251939091581978","8046:6402153733159740","8046:3647856331974879","8046:3925911880786873","8046:4738937359514086","8046:3583425665067531","8046:5062260600514567","8046:3352235451536900"]},"debug_reporting":true,"debug_key":"1"}
content-encoding
zstd
x-content-type-options
nosniff
content-security-policy
default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
strict-transport-security
max-age=15552000; preload
document-policy
force-load-at-top
date
Sat, 10 Aug 2024 05:56:57 GMT
x-fb-server-load
41
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400
x-xss-protection
0
reporting-endpoints
coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7401385789085712333", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality
MODERATE; q=0.3, rtt=180, rtx=0, c=10, mss=1368, tbw=3103, tp=-1, tpl=-1, uplat=338, ullat=0
pragma
no-cache
x-fb-debug
zaN9N+eZ+gK8djQPRKyNniT1PmN0p9MjO7LiyWrM0bDxDtknmVOTBvsmowCBq5ui82F734h/HHWn+AhVj5rtBg==
cross-origin-opener-policy
same-origin-allow-popups;report-to="coop_report"
vary
Accept-Encoding
report-to
{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7401385789085712333"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type
image/png
x-frame-options
DENY
origin-agent-cluster
?0
cache-control
private, no-store, no-cache, must-revalidate
permissions-policy
accelerometer=(), attribution-reporting=(self), autoplay=(), battery=(self), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), usb-unrestricted=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires
Sat, 01 Jan 2000 00:00:00 GMT
favicon.ico
my.fisherfunds.co.nz/ 		3 KB
3 KB 		Other
General
Check archive.org
Download Go to
Full URL
https://my.fisherfunds.co.nz/favicon.ico
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6813:d061 , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f291966a6a9fa34c002d6dd686586eb132331a220f06b51a564093c65410b88c
Security Headers
Name Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Request headers

Referer
https://my.fisherfunds.co.nz/login?returnUrl=/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

date
Sat, 10 Aug 2024 05:56:57 GMT
content-security-policy
default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
x-content-type-options
nosniff
strict-transport-security
max-age=31536000
last-modified
Fri, 19 Jul 2024 02:21:52 GMT
server
cloudflare
cf-cache-status
MISS
content-encoding
gzip
x-frame-options
SAMEORIGIN
vary
Accept-Encoding
content-type
image/x-icon
cache-control
no-cache
x-nginx
MISS
cf-ray
8b0dbee48b2950a8-AKL
x-xss-protection
1; mode=block
track
dc.services.visualstudio.com/v2/ 		0
0 		Preflight
General
Check archive.org
Download Go to
Full URL
https://dc.services.visualstudio.com/v2/track
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.213.196.212 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
Security Headers
Name Value
Strict-Transport-Security max-age=31536000

Request headers

Accept
*/*
Access-Control-Request-Headers
content-type,sdk-context
Access-Control-Request-Method
POST
Origin
https://my.fisherfunds.co.nz
Sec-Fetch-Mode
cors
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36

Response headers

access-control-allow-headers
Origin,X-Requested-With,Content-Name,Content-Type,Accept,Cache-Control,Sdk-Context
access-control-allow-methods
POST
access-control-allow-origin
*
access-control-max-age
3600
date
Sat, 10 Aug 2024 05:56:57 GMT
server
Microsoft-HTTPAPI/2.0
strict-transport-security
max-age=31536000
track
dc.services.visualstudio.com/v2/ 		96 B
200 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://dc.services.visualstudio.com/v2/track
Requested by
Host: az416426.vo.msecnd.net
URL: https://az416426.vo.msecnd.net/scripts/a/ai.0.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
20.213.196.212 Sydney, Australia, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software
Microsoft-HTTPAPI/2.0 /
Resource Hash
7e161997ca3d74ae2a109d89d2899cd21f64657c83500b92ed33b17ea9871518
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff

Request headers

Referer
https://my.fisherfunds.co.nz/
Sdk-Context
appId
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-type
application/json

Response headers

access-control-allow-origin
*
strict-transport-security
max-age=31536000
date
Sat, 10 Aug 2024 05:56:57 GMT
x-content-type-options
nosniff
server
Microsoft-HTTPAPI/2.0
content-type
application/json; charset=utf-8
/
metrics.hotjar.io/ 		0
80 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://metrics.hotjar.io/?v=6&site_id=1362987
Requested by
Host: static.hotjar.com
URL: https://static.hotjar.com/c/hotjar-1362987.js?sv=6
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
52.48.14.101 -, , ASN (),
Reverse DNS
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://my.fisherfunds.co.nz/
User-Agent
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/127.0.0.0 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
*
date
Sat, 10 Aug 2024 05:57:00 GMT
access-control-max-age
86400

Verdicts & Comments Add Verdict or Comment

35 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| dataLayer object| appInsights object| __core-js_shared__ object| core function| AtomicSDK object| webpackJsonpkiwiwealth-portal-client function| setImmediate function| clearImmediate object| regeneratorRuntime function| applyFocusVisiblePolyfill object| AI object| Microsoft function| __extends function| _endsWith object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga function| hj object| _hjSettings function| fbq function| _fbq function| mktoMunchkinFunction object| Munchkin function| mktoMunchkin object| MunchkinTracker object| hjSiteSettings object| hjLazyModules function| hjBootstrap object| hjBootstrapCalled object| gaGlobal function| onYouTubeIframeAPIReady object| gaplugins object| gaData

13 Cookies

Domain/Path Name / Value
.fisherfunds.co.nz/ Name: __cf_bm
Value: UCoQ4Fydli9I7R5m0oeXgIMlyZfCUjbK3Bihroqm_3c-1723269414-1.0.1.1-1icneh0g3H0AHp3adb_dWjTUCyTmJloMbajgm6rMSopd.3pOkPUuWBaNAYUWaIAZIPZDFUXNjk2PDGbWUjWsGQ
my.fisherfunds.co.nz/ Name: ai_user
Value: naBKy|2024-08-10T05:56:54.800Z
.fisherfunds.co.nz/ Name: _gcl_au
Value: 1.1.177895541.1723269415
.fisherfunds.co.nz/ Name: _mkto_trk
Value: id:893-UCW-596&token:_mch-fisherfunds.co.nz-1723269415801-45264
.fisherfunds.co.nz/ Name: _ga_0NJE8CCJTD
Value: GS1.1.1723269416.1.1.1723269416.60.0.0
.fisherfunds.co.nz/ Name: _ga_NZNYX5X33S
Value: GS1.1.1723269416.1.0.1723269416.0.0.0
.fisherfunds.co.nz/ Name: _ga
Value: GA1.3.1597846909.1723269416
.fisherfunds.co.nz/ Name: _gid
Value: GA1.3.408136976.1723269416
.fisherfunds.co.nz/ Name: _gat_UA-1051181-16
Value: 1
.fisherfunds.co.nz/ Name: _hjSessionUser_1362987
Value: eyJpZCI6ImE2YTFhNDFlLTg0NTQtNTFiNy05YjdmLTNhYTU5NjkxZDJkNSIsImNyZWF0ZWQiOjE3MjMyNjk0MTYzMjIsImV4aXN0aW5nIjp0cnVlfQ==
.fisherfunds.co.nz/ Name: _hjSession_1362987
Value: eyJpZCI6IjA1NmUzMGY0LTczNzQtNGNhZC04OGJlLWZkNjYzNDQzYzYwMCIsImMiOjE3MjMyNjk0MTYzMjMsInMiOjEsInIiOjAsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MX0=
my.fisherfunds.co.nz/ Name: ai_session
Value: EXAec|1723269416454.9|1723269416454.9
.fisherfunds.co.nz/ Name: _fbp
Value: fb.2.1723269416761.3225484330790547

3 Console Messages

Source Level URL
Text
network error URL: https://my.fisherfunds.co.nz/api/extend-session
Message:
Failed to load resource: the server responded with a status of 401 ()
recommendation verbose URL: https://my.fisherfunds.co.nz/login?returnUrl=/
Message:
[DOM] Input elements should have autocomplete attributes (suggested: "current-password"): (More info: https://goo.gl/9p2vKq) %o
security error URL: https://munchkin.marketo.net/163/munchkin.js(Line 12)
Message:
Refused to connect to 'https://893-ucw-596.mktoresp.com/webevents/visitWebPage?_mchNc=1723269415802&_mchCn=&_mchId=893-UCW-596&_mchTk=_mch-fisherfunds.co.nz-1723269415801-45264&_mchWs=j1RQ&_mchHo=my.fisherfunds.co.nz&_mchPo=&_mchRu=%2Flogin&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=returnUrl%3D%2F' because it violates the following Content Security Policy directive: "default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:". Note that 'connect-src' was not explicitly set, so 'default-src' is used as a fallback.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy default-src 'self' 'unsafe-inline' 'unsafe-eval' https://player.vimeo.com/ https://*.akamaized.net/ https://59-2.client-api.atomic.io/ wss://59-2.client-api.atomic.io https://downloads.atomic.io https://analytics.google.com https://tagmanager.google.com https://*.googletagmanager.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com wss://nexus-websocket-a.intercom.io https://*.intercom.io https://intercom-sheets.com https://js.intercomcdn.com http://munchkin.marketo.net https://az416426.vo.msecnd.net https://dc.services.visualstudio.com http://*.hotjar.com:* https://*.hotjar.com:* http://*.hotjar.io https://*.hotjar.io wss://*.hotjar.com https://vars.hotjar.com https://connect.facebook.net https://amplify.outbrain.com https://s.yimg.com https://*.doubleclick.net https://*.googleadservices.com https://sp.analytics.yahoo.com blob:; font-src 'self' https://fonts.gstatic.com/ https://go.kiwiwealth.co.nz/ https://js.intercomcdn.com https://vars.hotjar.com https://fonts.intercomcdn.com data:; img-src 'self' https://go.kiwiwealth.co.nz/ https://edge.atomic.io/ https://analytics.google.com https://www.google-analytics.com https://region1.google-analytics.com https://region1.analytics.google.com https://static.intercomassets.com https://*.intercomcdn.com https://*.doubleclick.net https://www.google.com https://www.google.co.nz https://www.facebook.com https://tr.outbrain.com https://amplifypixel.outbrain.com https://dr.outbrain.com https://geo.yahoo.com https://vars.hotjar.com data:; frame-src 'self' wss://59-2.client-api.atomic.io https://downloads.atomic.io https://www.youtube.com/ https://intercom-sheets.com https://vars.hotjar.com data: blob:; frame-ancestors 'self' https://intercom.help;
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 1; mode=block

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

analytics.google.com
az416426.vo.msecnd.net
connect.facebook.net
dc.services.visualstudio.com
downloads.atomic.io
metrics.hotjar.io
munchkin.marketo.net
my.fisherfunds.co.nz
my.kiwiwealth.co.nz
script.hotjar.com
secure.kiwiwealth.co.nz
static.hotjar.com
stats.g.doubleclick.net
vc.hotjar.io
www.facebook.com
www.google-analytics.com
www.google.co.nz
www.googletagmanager.com
104.18.26.188
104.18.27.188
104.74.38.208
108.158.32.59
108.158.32.86
142.250.204.3
18.65.244.52
18.67.110.104
20.213.196.212
2001:4860:4802:32::178
2404:6800:4003:c1a::9a
2404:6800:4006:80f::2008
2606:2800:147:120f:30c:1ba0:fc6:265a
2606:4700::6813:d061
2607:f8b0:4007:815::200e
2a03:2880:f019:116:face:b00c:0:3
2a03:2880:f119:8083:face:b00c:0:25de
52.48.14.101
0588c842a7fe51b66095cb32907a9964b9b50499683633beb02b0b72f29623d1
0efb02954cf3d72ff4d67e90c8ef215db767b06156ecdea67dd412582a91cc03
13ae6cbc8c269019c0a1c379dd4db8e805130f2e55f8e86c1490bed4da62957f
1cffc2b3146584685cd72751d7f28aa030ab9ae2f1bc78f2c27909f8d8287b26
1d0ee80f98c224013dabb143f9819c5ec48dc67d1ce830f2a598e70c4b3c8b55
29dfd5511d1fb658a1da4cb2e60345034cb1029fe301d241b7f855a02f545a09
31054f4df33d690c8505c39b9dc30314b70ebe2d6ccb510ad399da085e9eefe9
337ad0a4120336e6c7c3a25f6d8cfb712f73a4818f942fc2cc1dc6d2753249e2
33f7f82239092fb4ca880e5879d6d43f42bb6f4cbc99d6f6da45f3d01d50efb2
45380efd4fa4471f4b8206826eb482ad3bf9aa1ce0c044b719774233646fa171
4a537aed91a1446bd6954dfd8e549b57c59329aebba0235ef370c37523f7d008
4d424af8e6254a3ee915b6efdec3f0ed3fcbdedc67c83025148c9758701cd2d4
5201c813c37a4168cc5c20c701d4391fd0a55625f97eb9f263a74fb52b52fd0e
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
5cbcee637a3e04c1acb8bc7b451289442d828c1dc672bf63ad603a3e53da8e23
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6b2a42554314a50430720118dcf24575c2c5858c8885be62e8b621487c200557
6caf1000516d2b335c5df0003b58df135c8871870766b3d5f1c69b1c1f22ae1a
70712c8650feecc46403b5801b9d5b72d5b2d6ba1d1cf0317e105603982321bf
76f448ec45359e863fb3a6432a2a3cf22c0cc0a52aead6318b57ab38db6f1d14
7d4abeb4e1909ecd4db5de150cc6c620937df52b1967f9dded3aee184d8c9d27
7e161997ca3d74ae2a109d89d2899cd21f64657c83500b92ed33b17ea9871518
8337212354871836e6763a41e615916c89bac5b3f1f0adf60ba43c7c806e1015
8db3eac2e2cdbbc64d815ad21734de6abbc701d2bd9b2172ea611f9c0c72f1d5
9ba322f4f398fc0751784f6dea130cb4c5232bf06ee05eb2610dec108afc403a
9d0a7e5439a18c5f8cf2587232ca73691e5c8c5a7aceb0a0c9df830d14bc0c6c
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
bbdb3c36ecde60df0d9631175cd7106f72f8cc6ee1e712e9ecb69d9d1735b3f3
cd88b6984d1fc3ce763c4678b745ee6894d8a4e7ee9221629c242cb3697f1e34
d572237a09d748a6094d286148fe3f4d1ae6cecb612d76ddc8efcfd1d6e686ef
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e4c6c2b2620b9aaf65aa1aa6f4b2846d1f7e8b1e4c255c28d7fb065cdd90a378
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f291966a6a9fa34c002d6dd686586eb132331a220f06b51a564093c65410b88c