www.hsabank.com Open in urlscan Pro
70.37.166.146 Public Scan

Go To Rescan
Add Verdict Report

URL:
https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_co...
Submission: On January 25 via api (January 25th 2024, 2:23:39 pm UTC) from US — Scanned from DE

Summary HTTP 50 Redirects Links 14 Behaviour Indicators

Summary

This website contacted 14 IPs in 3 countries across 12 domains to perform 50 HTTP transactions. The main IP is 70.37.166.146, located in San Antonio, United States and belongs to MICROSOFT-CORP-MSN-AS-BLOCK, US. The main domain is www.hsabank.com. The Cisco Umbrella rank of the primary domain is 187749.
TLS certificate: Issued by Entrust Certification Authority - L1K on March 6th 2023. Valid for: a year.

This is the only time www.hsabank.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
25	70.37.166.146 70.37.166.146	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	2a00:1450:400... 2a00:1450:4001:827::200a	15169 (GOOGLE) (GOOGLE)
2	2606:4700::68... 2606:4700::6812:acf	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2a00:1450:400... 2a00:1450:4001:830::2008	15169 (GOOGLE) (GOOGLE)
2	44.213.186.112 44.213.186.112	14618 (AMAZON-AES) (AMAZON-AES)
1	2600:9000:21f... 2600:9000:21f3:3000:1:fb61:2b80:93a1	16509 (AMAZON-02) (AMAZON-02)
2	2a03:2880:f08... 2a03:2880:f083:100:face:b00c:0:3	32934 (FACEBOOK) (FACEBOOK)
4	2a00:1450:400... 2a00:1450:4001:813::2003	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:34::36	15169 (GOOGLE) (GOOGLE)
2	2001:4860:480... 2001:4860:4802:32::178	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:400c:c0c::9a	15169 (GOOGLE) (GOOGLE)
2	2a00:1450:400... 2a00:1450:4001:806::2003	15169 (GOOGLE) (GOOGLE)
1	2a00:1450:400... 2a00:1450:4001:828::2004	15169 (GOOGLE) (GOOGLE)
1	2600:1f18:445... 2600:1f18:4457:4601:828a:8a74:f3b5:a4f3	14618 (AMAZON-AES) (AMAZON-AES)
50	14

25 70.37.166.146 (San Antonio, United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.hsabank.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:827::200a (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.googleapis.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2606:4700::6812:acf (United States)

ASN13335 (CLOUDFLARENET, US)

maxcdn.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
netdna.bootstrapcdn.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2a00:1450:4001:830::2008 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 44.213.186.112 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-44-213-186-112.compute-1.amazonaws.com

7298557.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
nova.collect.igodigital.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:9000:21f3:3000:1:fb61:2b80:93a1 (United States)

ASN16509 (AMAZON-02, US)

cdn.levelaccess.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f083:100:face:b00c:0:3 (Frankfurt am Main, Germany)

ASN32934 (FACEBOOK, US)

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2a00:1450:4001:813::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

fonts.gstatic.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:34::36 (United States)

ASN15169 (GOOGLE, US)

region1.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
region1.analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2001:4860:4802:32::178 (United States)

ASN15169 (GOOGLE, US)

www.google-analytics.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:400c:c0c::9a (Brussels, Belgium)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a00:1450:4001:806::2003 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.de	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2a00:1450:4001:828::2004 (Frankfurt am Main, Germany)

ASN15169 (GOOGLE, US)

www.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2600:1f18:4457:4601:828a:8a74:f3b5:a4f3 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)

api.levelaccess.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
25	hsabank.com www.hsabank.com — Cisco Umbrella Rank: 187749	443 KB
4	gstatic.com fonts.gstatic.com	138 KB
3	google-analytics.com region1.google-analytics.com — Cisco Umbrella Rank: 2029 www.google-analytics.com — Cisco Umbrella Rank: 27	21 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 37	268 KB
2	google.de www.google.de — Cisco Umbrella Rank: 6518	515 B
2	doubleclick.net stats.g.doubleclick.net — Cisco Umbrella Rank: 79	396 B
2	google.com region1.analytics.google.com — Cisco Umbrella Rank: 2616 www.google.com — Cisco Umbrella Rank: 2	462 B
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 174	68 KB
2	levelaccess.net cdn.levelaccess.net — Cisco Umbrella Rank: 15971 api.levelaccess.net — Cisco Umbrella Rank: 16716	62 KB
2	igodigital.com 7298557.collect.igodigital.com — Cisco Umbrella Rank: 258965 nova.collect.igodigital.com — Cisco Umbrella Rank: 6653	3 KB
2	bootstrapcdn.com maxcdn.bootstrapcdn.com — Cisco Umbrella Rank: 1019 netdna.bootstrapcdn.com — Cisco Umbrella Rank: 3034	11 KB
1	googleapis.com fonts.googleapis.com — Cisco Umbrella Rank: 28	2 KB
50	12

	Domain	Requested by
25	www.hsabank.com	www.hsabank.com
4	fonts.gstatic.com	fonts.googleapis.com
3	www.googletagmanager.com	www.hsabank.com www.googletagmanager.com
2	www.google.de	www.hsabank.com
2	stats.g.doubleclick.net	www.googletagmanager.com www.google-analytics.com
2	www.google-analytics.com	www.googletagmanager.com www.google-analytics.com
2	connect.facebook.net	www.hsabank.com connect.facebook.net
1	api.levelaccess.net	cdn.levelaccess.net
1	www.google.com	www.hsabank.com
1	region1.analytics.google.com	www.googletagmanager.com
1	nova.collect.igodigital.com	www.hsabank.com
1	region1.google-analytics.com	www.googletagmanager.com
1	netdna.bootstrapcdn.com	www.hsabank.com
1	cdn.levelaccess.net	www.hsabank.com
1	7298557.collect.igodigital.com	www.hsabank.com
1	maxcdn.bootstrapcdn.com	www.hsabank.com
1	fonts.googleapis.com	www.hsabank.com
50	17

This site contains links to these domains. Also see Links.

Domain
myaccounts.hsabank.com
ioe.hsabank.com
secure.hsabank.com
careers.hsabank.com
www.irs.gov
investors.websterbank.com
www.facebook.com
www.twitter.com
www.linkedin.com
www.youtube.com
www.instagram.com
public.websteronline.com

Subject Issuer	Validity	Valid
www.hsabank.com Entrust Certification Authority - L1K	`2023-03-06` - `2024-03-17`	a year	crt.sh
upload.video.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
bootstrapcdn.com GTS CA 1P5	`2023-11-30` - `2024-02-28`	3 months	crt.sh
*.google-analytics.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.collect.igodigital.com Amazon RSA 2048 M03	`2023-11-15` - `2024-12-14`	a year	crt.sh
cdn.levelaccess.net Amazon RSA 2048 M02	`2023-11-30` - `2024-12-28`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2023-11-03` - `2024-02-01`	3 months	crt.sh
*.gstatic.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
*.g.doubleclick.net GTS CA 1C3	`2023-12-11` - `2024-03-04`	3 months	crt.sh
www.google.de GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
www.google.com GTS CA 1C3	`2024-01-02` - `2024-03-26`	3 months	crt.sh
api.levelaccess.net Amazon RSA 2048 M03	`2023-12-01` - `2024-12-29`	a year	crt.sh

This page contains 1 frames:

Primary Page: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
Frame ID: A827E6B6D786DE567827E26923422859
Requests: 50 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

HSA Tax Time 101 - Frequently Asked Questions - HSA Bank

Detected technologies

Bootstrap (Web Frameworks) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]*?bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.css
bootstrap(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)[^>]*?(?:\.min)?\.js

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Font Awesome (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+(?:([\d.]+)/)?(?:css/)?font-awesome(?:\.min)?\.css
<link[^>]* href=[^>]*?(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:[^>]*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)
(?:F|f)o(?:n|r)t-?(?:A|a)wesome(?:.*?([0-9a-fA-F]{7,40}|[\d]+(?:.[\d]+(?:.[\d]+)?)?)|)

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

google-analytics\.com/(?:ga|urchin|analytics)\.js

Google Font API (Font Scripts) Expand

Overall confidence: 100%
Detected patterns

<link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Page Statistics

50
Requests

100 %
HTTPS

86 %
IPv6

12
Domains

17
Subdomains

14
IPs

3
Countries

1016 kB
Transfer

2657 kB
Size

7
Cookies

14 Outgoing links

These are links going to different origins than the main page.

URL: https://myaccounts.hsabank.com/
Title: Login

Search URL Search Domain Scan URL

URL: https://ioe.hsabank.com/home
Title: Open an HSA

Search URL Search Domain Scan URL

URL: https://secure.hsabank.com/employer/employersignup/EmployerSignUp.aspx
Title: Employer Sign-Up Form

Search URL Search Domain Scan URL

URL: https://careers.hsabank.com/
Title: Careers

Search URL Search Domain Scan URL

URL: https://www.irs.gov/
Title: irs.gov

Search URL Search Domain Scan URL

URL: https://www.irs.gov/pub/irs-pdf/f1099sa.pdf
Title: here

Search URL Search Domain Scan URL

URL: https://www.irs.gov/pub/irs-pdf/f5498sa.pdf
Title: here

Search URL Search Domain Scan URL

URL: https://investors.websterbank.com/overview/default.aspx
Title: Webster Bank Financial Information

Search URL Search Domain Scan URL

URL: https://www.facebook.com/hsabank

Search URL Search Domain Scan URL

URL: https://www.twitter.com/hsabank

Search URL Search Domain Scan URL

URL: https://www.linkedin.com/company/hsa-bank

Search URL Search Domain Scan URL

URL: https://www.youtube.com/user/HSABankMedia

Search URL Search Domain Scan URL

URL: https://www.instagram.com/hsabank

Search URL Search Domain Scan URL

URL: https://public.websteronline.com/important-information-about-insuring-your-deposits-through-fdic
Title: Learn about FDIC insurance coverage

Search URL Search Domain Scan URL

Redirected requests

There were HTTP redirect chains for the following requests:

50 HTTP transactions
0 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1 200
OK Primary Request hsa-tax-time-101 Show response
www.hsabank.com/hsabank/learning-center/ 97 KB
22 KB 879ms
393ms Document
text/html 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7c227d1a277363ea85333d5a174baf06a3e0578d9153f8ae198fdc4cf5ac12f3

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
accept-language: de-DE,de;q=0.9

Response headers

Cache-Control: no-cache, no-store
Content-Encoding: gzip
Content-Length: 20915
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: text/html; charset=utf-8
Date: Thu, 25 Jan 2024 14:23:32 GMT
Expires: -1
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Pragma: no-cache
Referrer-Policy: strict-origin-when-cross-origin
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Server: Microsoft-IIS/10.0
Strict-Transport-Security: max-age=31536000; includeSubDomains
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN

GET
H/1.1 200
OK bootstrapmin.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 118 KB
29 KB 371ms
370ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/bootstrapmin.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:33 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition: inline; filename="bootstrapmin.css"
Content-Length: 27680
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 21 Apr 2020 17:48:44 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H2 200 css2
fonts.googleapis.com/ 24 KB
2 KB 80ms
31ms Stylesheet
text/css 2a00:1450:4001:827::200a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:827::200a Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

ESF /

Resource Hash

00ec9064066f0096bd271d5d4ddfa3a4107ee6c4fb01f09a598507cc497d1115

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

strict-transport-security: max-age=31536000
date: Thu, 25 Jan 2024 14:23:33 GMT
content-encoding: gzip
x-content-type-options: nosniff
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 14:23:33 GMT
server: ESF
cross-origin-opener-policy: same-origin-allow-popups
x-frame-options: SAMEORIGIN
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cache-control: private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin: *
link: <https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires: Thu, 25 Jan 2024 14:23:33 GMT

GET
H2 200 font-awesome.min.css
maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/ 30 KB
7 KB 74ms
29ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Thu, 25 Jan 2024 14:23:33 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 722
age: 4954555
cdn-cachedat: 10/31/2023 18:48:06
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:04:55 GMT
cdn-proxyver: 1.04
cdn-requestpullcode: 200
server: cloudflare
etag: W/"269550530cc127b6aa5a35925a7de6ce"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 9e61a4e37a75208649ae6b63a0cb4f72
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 84b12cba2c5e3825-FRA
cdn-requestpullsuccess: True

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 277 KB
92 KB 349ms
38ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-0MQV0B81C8

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

1a46758261e61c34a0820e225ab9e8d1f79f2283b4d8b546d3e75fb7d7e7aad0

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Thu, 25 Jan 2024 14:23:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 93751
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 25 Jan 2024 14:23:34 GMT

GET
H/1.1 200
OK style.css
www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/ 87 KB
25 KB 747ms
461ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:33 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition: inline; filename="style.css"
Content-Length: 23954
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 07 Mar 2023 18:27:29 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK lock-yellow.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 487 B
2 KB 469ms
170ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/lock-yellow.ashx?la=en

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:18 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="lock-yellow.png"
Accept-Ranges: bytes
Content-Length: 487
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK members.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 6 KB
8 KB 481ms
172ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/members.ashx?la=en

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:23 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="members.jpg"
Accept-Ranges: bytes
Content-Length: 6597
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK logo-hsabank.ashx
www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/ 11 KB
13 KB 239ms
172ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/hsabank/-/media/Images/Mobile_Responsive_2017/logo-hsabank.ashx?la=en

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 23 Feb 2023 15:06:33 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="logo-hsabank.png"
Accept-Ranges: bytes
Content-Length: 11026
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK searchboxmobile.min.css
www.hsabank.com/Styles/ 311 B
2 KB 161ms
159ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Styles/searchboxmobile.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:33 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 273
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 09 Jun 2023 18:53:50 GMT
Server: Microsoft-IIS/10.0
ETag: "a74eafba39bd91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK open-hsa-navbanner.jpg
www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/ 38 KB
40 KB 670ms
520ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/hsabank/learning-center/~/Media/Images/Mobile_Responsive_2017/2017/nav-banners/open-hsa-navbanner.jpg

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:20:20 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="open-hsa-navbanner.jpg"
Accept-Ranges: bytes
Content-Length: 38779
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK 2023-report-nav
www.hsabank.com/~/media/Images/learning-center/health-and-wealth-index/ 60 KB
62 KB 332ms
216ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/media/Images/learning-center/health-and-wealth-index/2023-report-nav

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c42156cd05dba885d41cdb82f2f587281860dac9895c6897326aa5a09c64b15c

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 01 Jun 2023 21:10:58 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="2023-report-nav.jpg"
Accept-Ranges: bytes
Content-Length: 61635
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK learning-center.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 10 KB
12 KB 207ms
171ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/learning-center.ashx?la=en

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:22 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="learning-center.jpg"
Accept-Ranges: bytes
Content-Length: 10245
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK about.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/ 11 KB
13 KB 202ms
178ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/menu/about.ashx?la=en

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:23 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="about.jpg"
Accept-Ranges: bytes
Content-Length: 11131
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK searchbox.min.css
www.hsabank.com/Styles/ 920 B
2 KB 256ms
160ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Styles/searchbox.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:33 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 594
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 09 Jun 2023 18:53:50 GMT
Server: Microsoft-IIS/10.0
ETag: "a74eafba39bd91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK searchglass.ashx
www.hsabank.com/-/media/Images/Mobile_Responsive_2017/ 439 B
2 KB 160ms
160ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/-/media/Images/Mobile_Responsive_2017/searchglass.ashx?la=en

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:33 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:19 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="searchglass.png"
Accept-Ranges: bytes
Content-Length: 439
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK searchbox.min.js Show response
www.hsabank.com/Scripts/ 85 B
2 KB 181ms
181ms Script
application/x-javascript 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Scripts/searchbox.min.js

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:33 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 191
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 09 Jun 2023 18:53:50 GMT
Server: Microsoft-IIS/10.0
ETag: "689d9eba39bd91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK breadcrumb.min.css
www.hsabank.com/Styles/Site/ 563 B
2 KB 277ms
170ms Stylesheet
text/css 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/Styles/Site/breadcrumb.min.css

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:33 GMT
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Length: 407
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Fri, 09 Jun 2023 18:53:50 GMT
Server: Microsoft-IIS/10.0
ETag: "465bedba39bd91:0"
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H/1.1 200
OK still-contribute-box
www.hsabank.com/hsabank/learning-center/~/media/Images/Mobile_Responsive_2017/2017/members/tax-page/ 19 KB
21 KB 952ms
876ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/hsabank/learning-center/~/media/Images/Mobile_Responsive_2017/2017/members/tax-page/still-contribute-box

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

2fa6c35e9cad0e35bec93ed34de1da81ff14bfe4a5800c4eff634cef47fd8920

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 02 Nov 2020 16:58:17 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="still-contribute-box.jpg"
Accept-Ranges: bytes
Content-Length: 19704
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H2 200 collect.js Show response
7298557.collect.igodigital.com/ 8 KB
2 KB 434ms
123ms Script
application/javascript 44.213.186.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL: https://7298557.collect.igodigital.com/collect.js
Requested by: Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
Protocol: H2
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 44.213.186.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS: ec2-44-213-186-112.compute-1.amazonaws.com
Software: /
Resource Hash: 463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Thu, 25 Jan 2024 14:23:34 GMT
content-encoding: gzip
last-modified: Tue, 23 Jan 2024 20:09:17 GMT
vary: Accept-Encoding
content-type: application/javascript

GET
H/1.1 200
OK access.js Show response
cdn.levelaccess.net/accessjs/YW1wMTEwNDI/ 462 KB
62 KB 912ms
601ms Script
application/javascript 2600:9000:21f3:3000:1:fb61:2b80:93a1
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js
Requested by: Host: www.hsabank.com
URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_128_GCM
Server: 2600:9000:21f3:3000:1:fb61:2b80:93a1 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
Software: AmazonS3 /
Resource Hash: 0cfce7eefff90f756f17247faf1b31b094044c0288c4d63319ccb02b492794bb

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

x-amz-version-id: JM98LSwk.Z0X7DG.i.GVn0x2sYAsT_Cc
Content-Encoding: gzip
Via: 1.1 286eb4b50e0acf373dd03645aee00b7e.cloudfront.net (CloudFront)
Date: Thu, 25 Jan 2024 14:23:35 GMT
X-Amz-Cf-Pop: FRA2-C2
x-amz-server-side-encryption: AES256
X-Cache: RefreshHit from cloudfront
x-amz-replication-status: COMPLETED
Connection: keep-alive
Content-Length: 62797
Last-Modified: Fri, 05 Jan 2024 00:45:41 GMT
Server: AmazonS3
ETag: "23601bdb9c1d0f39a2d3420dbcecfebd"
Vary: Accept-Encoding
Content-Type: application/javascript
Cache-Control: max-age=900
Accept-Ranges: bytes
X-Amz-Cf-Id: gE086mR-Dq89C3NM9Kgzjq3FY-PbGD9zxFtIhwV2L9KttLaYdssrvA==

GET
H/1.1 200
OK SITE.js Show response
www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/ 360 KB
149 KB 334ms
334ms Script
application/x-javascript 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.hsabank.com/~/Media/Files/Custom_Java/HSABank/Mobile_Responsive_2017/SITE.js?v=1.07

Requested by

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Thu, 25 Jan 2024 14:23:34 GMT
Transfer-Encoding: chunked
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Disposition: inline; filename="SITE.js"
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Thu, 08 Sep 2022 19:00:47 GMT
Server: Microsoft-IIS/10.0
Vary: Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/x-javascript
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Accept-Ranges: bytes

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 251 KB
80 KB 375ms
66ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

6253859d0d35bf79a23af61580046e28d16a21249f61059a416bed0d76dbe939

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Thu, 25 Jan 2024 14:23:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 81772
x-xss-protection: 0
last-modified: Thu, 25 Jan 2024 12:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Thu, 25 Jan 2024 14:23:34 GMT

GET
H2 200 bootstrap-glyphicons.css
netdna.bootstrapcdn.com/bootstrap/3.0.0/css/ 13 KB
3 KB 28ms
28ms Stylesheet
text/css 2606:4700::6812:acf
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://netdna.bootstrapcdn.com/bootstrap/3.0.0/css/bootstrap-glyphicons.css

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6812:acf , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Thu, 25 Jan 2024 14:23:34 GMT
strict-transport-security: max-age=31536000; includeSubDomains; preload
x-content-type-options: nosniff
cf-cache-status: HIT
content-encoding: br
cdn-edgestorageid: 755
age: 4873404
cdn-cachedat: 08/20/2022 04:30:12
cdn-pullzone: 252412
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
last-modified: Mon, 25 Jan 2021 22:03:55 GMT
cdn-proxyver: 1.02
cdn-requestpullcode: 200
server: cloudflare
etag: W/"4e99a55d216e622c9ed6b9708d8b8010"
vary: Accept-Encoding
content-type: text/css; charset=utf-8
access-control-allow-origin: *
cdn-cache: HIT
cdn-uid: b1941f61-b576-4f40-80de-5677acb38f74
cache-control: public, max-age=31919000
cdn-requestid: 224a9e47ff13a3702ec6a4269819b781
timing-allow-origin: *
cdn-requestcountrycode: DE
cdn-status: 200
cf-ray: 84b12cbe88ce3825-FRA
cdn-requestpullsuccess: True

GET
H2 200 fbevents.js Show response
connect.facebook.net/en_US/ 213 KB
57 KB 62ms
21ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

74f6b2b975944800f1566e81aaed5cc5dcb7a7170eafd4cdd3e205f88f8e1f5f

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net .google-analytics.com .google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net *.google-analytics.com *.google.com 127.0.0.1:* 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self';block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 25 Jan 2024 14:23:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 57021
x-xss-protection: 0
pragma: public
x-fb-debug: +udrIn1Vvw/8vvJfseipx6+KeM80b4JkhLp6bkmR9Mi7i8IWlXV800x2iSy3S0M8TdyZMWAD4QZjXEMX8DA2XA==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
x-fb-optimizer: 0
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK tridown-green.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 200 B
2 KB 288ms
244ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tridown-green.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:30 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="tridown-green.png"
Accept-Ranges: bytes
Content-Length: 200
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK divider.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 1 KB
3 KB 472ms
411ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/divider.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:16:14 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="divider.png"
Accept-Ranges: bytes
Content-Length: 1458
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK tertiary-green-line.jpg
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/ 12 KB
14 KB 264ms
264ms Image
image/jpeg 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/tertiary-green-line.jpg

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Tue, 08 Jun 2021 13:26:47 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/jpeg
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="tertiary-green-line.jpg"
Accept-Ranges: bytes
Content-Length: 12233
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK facebook-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 320 B
2 KB 261ms
260ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/facebook-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:20 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="facebook-grey.png"
Accept-Ranges: bytes
Content-Length: 320
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK twitter-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 2 KB
4 KB 247ms
247ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/twitter-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:16 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="twitter-grey.png"
Accept-Ranges: bytes
Content-Length: 1821
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK linkedin-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 402 B
2 KB 457ms
457ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/linkedin-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:15 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="linkedin-grey.png"
Accept-Ranges: bytes
Content-Length: 402
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK youtube-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 389 B
2 KB 270ms
270ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/youtube-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 19 Apr 2020 19:18:19 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="youtube-grey.png"
Accept-Ranges: bytes
Content-Length: 389
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H/1.1 200
OK instagram-grey.png
www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/ 4 KB
6 KB 403ms
403ms Image
image/png 70.37.166.146
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.hsabank.com/~/Media/Images/Mobile_Responsive_2017/icons/instagram-grey.png

Requested by

Host: www.hsabank.com
URL: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_256_GCM

Server

70.37.166.146 San Antonio, United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),

Reverse DNS

Software

Microsoft-IIS/10.0 /

Resource Hash

f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/~/Media/Files/Custom_CSS/HSABank/Mobile_Responsive_2017/style.css?v=1.06
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

Strict-Transport-Security: max-age=31536000; includeSubDomains
Date: Thu, 25 Jan 2024 14:23:34 GMT
X-Content-Type-Options: nosniff
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Mon, 06 Mar 2023 21:49:36 GMT
Server: Microsoft-IIS/10.0
X-Frame-Options: SAMEORIGIN
Content-Security-Policy-Report-Only: default-src 'self'; script-src 'self' 'unsafe-inline'; script-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://cdnjs.cloudflare.com https://*.jquery.com https://*.facebook.net https://*.googleapis.com https://*.googletagmanager.com https://*.google-analytics.com https://*.igodigital.com https://*.levelaccess.net https://*.cludo.com https://*.pardot.com https://*.hsabank.com; style-src 'self' 'unsafe-inline'; style-src-elem 'self' 'unsafe-inline' https://*.hsabank.com https://*.googleapis.com https://*.bootstrapcdn.com; base-uri 'self'; font-src 'self' https://*.gstatic.com https://*.bootstrapcdn.com; connect-src 'self' https://*.google-analytics.com https://*.levelaccess.net; img-src 'self' https://*.igodigital.com https://*.hsabank.com https://*.google-analytics.com; frame-src 'self' https://*.hsabank.com ;form-action 'self'
Content-Type: image/png
Cache-Control: private, max-age=604800
Permissions-Policy: microphone=(), payment=(), geolocation=(self), sync-xhr=*
Content-Disposition: inline; filename="instagram-grey.png"
Accept-Ranges: bytes
Content-Length: 4458
Request-Context: appId=cid-v1:8fedb8c4-35ce-49f3-a619-b84f98aa48d7

GET
H2 200 ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2
fonts.gstatic.com/s/robotocondensed/v27/ 50 KB
50 KB 99ms
53ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v27/ieVl2ZhZI2eCN5jzbjEETS9weq8-19K7DQ.woff2

Requested by

Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css2?family=Roboto+Condensed:ital,wght@0,300;0,400;0,700;1,300;1,400;1,700&family=Roboto:ital,wght@0,400;0,700;1,400;1,700&display=swap

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Tue, 23 Jan 2024 23:47:38 GMT
x-content-type-options: nosniff
age: 138956
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 51404
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 17:52:59 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:47:38 GMT

GET
H2 200 KFOmCnqEu92Fr1Mu4mxK.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 65ms
19ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Tue, 23 Jan 2024 23:28:52 GMT
x-content-type-options: nosniff
age: 140082
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15744
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:48 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:28:52 GMT

GET
H2 200 KFOlCnqEu92Fr1MmWUlfBBc4.woff2
fonts.gstatic.com/s/roboto/v30/ 15 KB
16 KB 70ms
25ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Fri, 19 Jan 2024 16:39:21 GMT
x-content-type-options: nosniff
age: 510253
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 15860
x-xss-protection: 0
last-modified: Wed, 11 May 2022 19:24:42 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Sat, 18 Jan 2025 16:39:21 GMT

GET
H2 200 ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2
fonts.gstatic.com/s/robotocondensed/v27/ 56 KB
56 KB 77ms
40ms Font
font/woff2 2a00:1450:4001:813::2003
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://fonts.gstatic.com/s/robotocondensed/v27/ieVj2ZhZI2eCN5jzbjEETS9weq8-19eLDwM9.woff2

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:813::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

sffe /

Resource Hash

4e0d02c04fe3bb456ed7318a162a6248bd481b6f8e955fecda064d7c0ad3d792

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://fonts.googleapis.com/
Origin: https://www.hsabank.com
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Tue, 23 Jan 2024 23:36:03 GMT
x-content-type-options: nosniff
age: 139651
content-security-policy-report-only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 56996
x-xss-protection: 0
last-modified: Wed, 18 Oct 2023 17:53:14 GMT
server: sffe
cross-origin-opener-policy: same-origin; report-to="apps-themes"
report-to: {"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type: font/woff2
access-control-allow-origin: *
cache-control: public, max-age=31536000
accept-ranges: bytes
timing-allow-origin: *
expires: Wed, 22 Jan 2025 23:36:03 GMT

POST
H2 204 collect
region1.google-analytics.com/g/ 0
254 B 73ms
27ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.google-analytics.com/g/collect?v=2&tid=G-0MQV0B81C8&gtm=45je41m0v9173727349&_p=1706192613424&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=908831222.1706192614&ul=en-us&sr=1600x1200&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_s=1&sid=1706192614&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_nsi=1&_ss=1&_ee=1&tfd=1714
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-0MQV0B81C8
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 298 KB
96 KB 36ms
35ms Script
application/javascript 2a00:1450:4001:830::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:830::2008 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

2611d156c55180f5072522bb65ebae3e65cc37d13e9ef5af27568e20cb1d62a2

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

date: Thu, 25 Jan 2024 14:23:34 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 98419
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Thu, 25 Jan 2024 14:23:34 GMT

GET
H2 200 analytics.js Show response
www.google-analytics.com/ 52 KB
21 KB 69ms
21ms Script
text/javascript 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/analytics.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

strict-transport-security: max-age=10886400; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Thu, 25 Jan 2024 13:48:09 GMT
last-modified: Tue, 12 Dec 2023 18:09:08 GMT
server: Golfe2
age: 2125
vary: Accept-Encoding
content-type: text/javascript
cache-control: public, max-age=7200
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 20994
expires: Thu, 25 Jan 2024 15:48:09 GMT

GET
H2 403 track_page_view
nova.collect.igodigital.com/c2/7298557/ 43 B
354 B 132ms
131ms Image
image/gif 44.213.186.112
AMAZON-AES

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401%22%2C%22referrer%22%3A%22%22%7D

Requested by

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

44.213.186.112 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

ec2-44-213-186-112.compute-1.amazonaws.com

Software

Resource Hash

98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	1; mode=block

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

x-runtime: 0.003443
date: Thu, 25 Jan 2024 14:23:34 GMT
content-encoding: gzip
x-content-type-options: nosniff
x-frame-options: SAMEORIGIN
vary: Accept-Encoding
content-type: image/gif
cache-control: private
content-transfer-encoding: binary
content-disposition: inline
x-xss-protection: 1; mode=block
x-request-id: 13e65932-dd22-4855-8626-79a1c7ff8755

GET
H2 200 1686908524672324 Show response
connect.facebook.net/signals/config/ 53 KB
11 KB 66ms
66ms Script
application/x-javascript 2a03:2880:f083:100:face:b00c:0:3
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/1686908524672324?v=2.9.142&r=stable&domain=www.hsabank.com&hme=e82209ddce2f5ef9f00773b102465283e977acad712d554991b839c35823b905&ex_m=62%2C103%2C91%2C95%2C53%2C3%2C87%2C61%2C14%2C85%2C78%2C44%2C46%2C145%2C148%2C159%2C155%2C156%2C158%2C25%2C88%2C45%2C68%2C157%2C140%2C143%2C152%2C153%2C160%2C112%2C13%2C43%2C164%2C163%2C114%2C16%2C29%2C32%2C1%2C36%2C57%2C58%2C59%2C63%2C82%2C15%2C12%2C84%2C81%2C80%2C92%2C94%2C31%2C93%2C26%2C22%2C141%2C144%2C121%2C24%2C9%2C10%2C11%2C5%2C6%2C21%2C19%2C20%2C49%2C54%2C56%2C66%2C89%2C23%2C67%2C8%2C7%2C71%2C41%2C18%2C17%2C4%2C73%2C79%2C72%2C77%2C33%2C35%2C76%2C48%2C74%2C28%2C37%2C65%2C0%2C83%2C75%2C2%2C30%2C55%2C34%2C90%2C38%2C70%2C60%2C40%2C39%2C96%2C52%2C51%2C27%2C86%2C50%2C47%2C42%2C69%2C64%2C97

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f083:100:face:b00c:0:3 Frankfurt am Main, Germany, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

1c3c69be7c3dfc4ed7d76de7b50938fd22354ca68e55ad2163d66decd7621345

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;script-src .fbcdn.net .facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net .facebook.net fbcdn.net .fbcdn.net fbsbx.com .fbsbx.com;connect-src .fbcdn.net .facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

permissions-policy-report-only: autoplay=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(), picture-in-picture=(), xr-spatial-tracking=()
content-security-policy: default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Thu, 25 Jan 2024 14:23:34 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
pragma: public
x-fb-debug: eWbZP42GaBTM4/I9K/jrKaAVxWWcWz9x3HWLd281Tdydl2ht42EBOUmV2XeboNZ4u/UIWMYkAwuy0gE+8qMgkw==
cross-origin-opener-policy: same-origin-allow-popups
vary: Accept-Encoding
x-frame-options: DENY
content-type: application/x-javascript; charset=utf-8
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), ambient-light-sensor=(), bluetooth=(), camera=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=()
timing-allow-origin: *
expires: Sat, 01 Jan 2000 00:00:00 GMT

POST
H2 204 collect
region1.analytics.google.com/g/ 0
54 B 27ms
26ms Ping
text/plain 2001:4860:4802:34::36
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je41m0v891973184z8831185600&_p=1706192613424&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=908831222.1706192614&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1706192614&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1&tfd=1799
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::36 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
47 B 79ms
27ms Ping
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=908831222.1706192614&gtm=45je41m0v891973184z8831185600&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
408 B 93ms
45ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=908831222.1706192614&gtm=45je41m0v891973184z8831185600&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1243661674

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
www.google-analytics.com/j/ 4 B
209 B 28ms
27ms XHR
text/plain 2001:4860:4802:32::178
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.google-analytics.com/j/collect?v=1&_v=j101&a=1871894653&t=pageview&_s=1&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401&ul=en-us&de=UTF-8&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YADAAEABAAAAACAAI~&jid=998736285&gjid=1165364258&cid=908831222.1706192614&tid=UA-187387-6&_gid=343199344.1706192614&_r=1&_slc=1&gtm=45He41m0n81PZV52K3v831185600&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&z=874122756

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2001:4860:4802:32::178 , United States, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8

Security Headers

Name	Value
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hsabank.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 collect Show response
stats.g.doubleclick.net/j/ 4 B
349 B 29ms
26ms XHR
text/plain 2a00:1450:400c:c0c::9a
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-187387-6&cid=908831222.1706192614&jid=998736285&gjid=1165364258&_gid=343199344.1706192614&_u=YADAAEAAAAAAACAAI~&z=1701470518

Requested by

Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:400c:c0c::9a Brussels, Belgium, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Golfe2 /

Resource Hash

84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80

Security Headers

Name	Value
Strict-Transport-Security	max-age=10886400; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hsabank.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain

Response headers

pragma: no-cache
strict-transport-security: max-age=10886400; includeSubDomains; preload
date: Thu, 25 Jan 2024 14:23:34 GMT
x-content-type-options: nosniff
last-modified: Sun, 17 May 1998 03:00:00 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.hsabank.com
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 4
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.com/ads/ 42 B
408 B 108ms
62ms Image
image/gif 2a00:1450:4001:828::2004
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=908831222.1706192614&jid=998736285&_u=YADAAEAAAAAAACAAI~&z=1927855525

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:828::2004 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H2 200 ga-audiences
www.google.de/ads/ 42 B
107 B 46ms
46ms Image
image/gif 2a00:1450:4001:806::2003
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=908831222.1706192614&jid=998736285&_u=YADAAEAAAAAAACAAI~&z=1927855525

Requested by

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a00:1450:4001:806::2003 Frankfurt am Main, Germany, ASN15169 (GOOGLE, US),

Reverse DNS

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

accept-language: de-DE,de;q=0.9
Referer: https://www.hsabank.com/
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67

Response headers

pragma: no-cache
date: Thu, 25 Jan 2024 14:23:34 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 200 results Show response
api.levelaccess.net/analytics/3.0/ 0
322 B 439ms
115ms XHR
text/plain 2600:1f18:4457:4601:828a:8a74:f3b5:a4f3
AMAZON-AES

General

Check archive.org

Show headers Download Go to

Full URL

https://api.levelaccess.net/analytics/3.0/results

Requested by

Host: cdn.levelaccess.net
URL: https://cdn.levelaccess.net/accessjs/YW1wMTEwNDI/access.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

2600:1f18:4457:4601:828a:8a74:f3b5:a4f3 Ashburn, United States, ASN14618 (AMAZON-AES, US),

Reverse DNS

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.hsabank.com/
accept-language: de-DE,de;q=0.9
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/92.0.4515.131 Safari/537.36 Edg/92.0.902.67
Content-Type: text/plain;charset=UTF-8

Response headers

access-control-allow-origin: *
date: Thu, 25 Jan 2024 14:23:38 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
x-content-type-options: nosniff
access-control-expose-headers: Origin, X-Requested-With, Content-Type, Accept
content-length: 0
vary: Origin, Access-Control-Request-Method, Access-Control-Request-Headers

Verdicts & Comments Add Verdict or Comment

68 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

7 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
www.hsabank.com/	1969-12-31 23:59:59	Name: ASP.NET_SessionId Value: kbnbexf23nj4gb3htqz3w3ol
.hsabank.com/	1970-01-21 03:32:32	Name: _ga_0MQV0B81C8 Value: GS1.1.1706192614.1.0.1706192614.0.0.0
.hsabank.com/	1970-01-21 03:32:32	Name: _ga_HR1XKMEB6P Value: GS1.1.1706192614.1.0.1706192614.60.0.0
.hsabank.com/	1970-01-21 03:32:32	Name: _ga Value: GA1.2.908831222.1706192614
.hsabank.com/	1970-01-20 17:57:59	Name: _gid Value: GA1.2.343199344.1706192614
.hsabank.com/	1970-01-20 17:56:32	Name: _gat_gtmtrack Value: 1
www.hsabank.com/	1970-01-20 17:57:59	Name: qs Value: ?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401

237 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 8) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	(Line 6) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-PZV52K3(Line 4) Message: [Report Only] Refused to evaluate a string as JavaScript because 'unsafe-eval' is not an allowed source of script in the following Content Security Policy directive: "script-src 'self' 'unsafe-inline'".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je41m0v891973184z8831185600&_p=1706192613424&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=908831222.1706192614&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1706192614&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1&tfd=1799' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je41m0v891973184z8831185600&_p=1706192613424&_gaz=1&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=908831222.1706192614&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=1&sid=1706192614&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=page_view&_fv=1&_ss=1&tfd=1799' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=908831222.1706192614&gtm=45je41m0v891973184z8831185600&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/g/collect?v=2&tid=G-HR1XKMEB6P&cid=908831222.1706192614&gtm=45je41m0v891973184z8831185600&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
security	error	URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401 Message: [Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-HR1XKMEB6P&cid=908831222.1706192614&gtm=45je41m0v891973184z8831185600&aip=1&dma=1&dma_cps=sypham&gcd=11l1l1l1l1&z=1243661674' because it violates the following Content Security Policy directive: "img-src 'self' https://.igodigital.com https://.hsabank.com https://*.google-analytics.com".
security	error	URL: https://www.google-analytics.com/analytics.js(Line 35) Message: [Report Only] Refused to connect to 'https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-187387-6&cid=908831222.1706192614&jid=998736285&gjid=1165364258&_gid=343199344.1706192614&_u=YADAAEAAAAAAACAAI~&z=1701470518' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".
network	error	URL: https://nova.collect.igodigital.com/c2/7298557/track_page_view?payload=%7B%22title%22%3A%22HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank%22%2C%22url%22%3A%22https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401%22%2C%22referrer%22%3A%22%22%7D Message: Failed to load resource: the server responded with a status of 403 ()
security	error	URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401 Message: [Report Only] Refused to load the image 'https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=908831222.1706192614&jid=998736285&_u=YADAAEAAAAAAACAAI~&z=1927855525' because it violates the following Content Security Policy directive: "img-src 'self' https://.igodigital.com https://.hsabank.com https://*.google-analytics.com".
security	error	URL: https://www.hsabank.com/hsabank/learning-center/hsa-tax-time-101?utm_campaign=tax&utm_medium=email&utm_source=wex&utm_content=std-1099&utm_term=hsa-tax-time-faq&utm_id=ee&utm_campaign_id=948655&utm_creative_format=na&utm_marketing_tactic=202401 Message: [Report Only] Refused to load the image 'https://www.google.de/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j101&tid=UA-187387-6&cid=908831222.1706192614&jid=998736285&_u=YADAAEAAAAAAACAAI~&z=1927855525' because it violates the following Content Security Policy directive: "img-src 'self' https://.igodigital.com https://.hsabank.com https://*.google-analytics.com".
security	error	URL: https://www.googletagmanager.com/gtag/js?id=G-HR1XKMEB6P&l=dataLayer&cx=c(Line 216) Message: [Report Only] Refused to connect to 'https://region1.analytics.google.com/g/collect?v=2&tid=G-HR1XKMEB6P&gtm=45je41m0v891973184z8831185600&_p=1706192613424&gcd=11l1l1l1l1&dma_cps=sypham&dma=1&cid=908831222.1706192614&ul=en-us&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&_eu=EA&_s=2&sid=1706192614&sct=1&seg=0&dl=https%3A%2F%2Fwww.hsabank.com%2Fhsabank%2Flearning-center%2Fhsa-tax-time-101%3Futm_campaign%3Dtax%26utm_medium%3Demail%26utm_source%3Dwex%26utm_content%3Dstd-1099%26utm_term%3Dhsa-tax-time-faq%26utm_id%3Dee%26utm_campaign_id%3D948655%26utm_creative_format%3Dna%26utm_marketing_tactic%3D202401&dt=HSA%20Tax%20Time%20101%20-%20Frequently%20Asked%20Questions%20-%20HSA%20Bank&en=utms_hsab&ep.utm_campaign=tax&ep.utm_medium=email&ep.utm_source=wex&ep.utm_content=std-1099&ep.utm_term=hsa-tax-time-faq&ep.utm_id=ee&ep.utm_campaign_id=948655&ep.utm_creative_format=na&ep.utm_marketing_tactic=202401&ep.url_subdirectory_2=hsa-tax-time-101&ep.url_directory=hsabank&ep.e_category=learning-center&_et=2&tfd=6803' because it violates the following Content Security Policy directive: "connect-src 'self' https://.google-analytics.com https://.levelaccess.net".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

7298557.collect.igodigital.com
api.levelaccess.net
cdn.levelaccess.net
connect.facebook.net
fonts.googleapis.com
fonts.gstatic.com
maxcdn.bootstrapcdn.com
netdna.bootstrapcdn.com
nova.collect.igodigital.com
region1.analytics.google.com
region1.google-analytics.com
stats.g.doubleclick.net
www.google-analytics.com
www.google.com
www.google.de
www.googletagmanager.com
www.hsabank.com
2001:4860:4802:32::178
2001:4860:4802:34::36
2600:1f18:4457:4601:828a:8a74:f3b5:a4f3
2600:9000:21f3:3000:1:fb61:2b80:93a1
2606:4700::6812:acf
2a00:1450:4001:806::2003
2a00:1450:4001:813::2003
2a00:1450:4001:827::200a
2a00:1450:4001:828::2004
2a00:1450:4001:830::2008
2a00:1450:400c:c0c::9a
2a03:2880:f083:100:face:b00c:0:3
44.213.186.112
70.37.166.146
00ec9064066f0096bd271d5d4ddfa3a4107ee6c4fb01f09a598507cc497d1115
0cfce7eefff90f756f17247faf1b31b094044c0288c4d63319ccb02b492794bb
134e7514c0adc4160ee20023402f2be4d7e9f869222392b4639cb05912cccca2
1a46758261e61c34a0820e225ab9e8d1f79f2283b4d8b546d3e75fb7d7e7aad0
1c3c69be7c3dfc4ed7d76de7b50938fd22354ca68e55ad2163d66decd7621345
2611d156c55180f5072522bb65ebae3e65cc37d13e9ef5af27568e20cb1d62a2
2d91e980d6f338755fa8c1a9ec52e2b4e75f90ee211530783cddcef3978a0746
2e5ea304576c05ccc854670fe397ef56880d803760a5de0e61081403e2009c61
2fa6c35e9cad0e35bec93ed34de1da81ff14bfe4a5800c4eff634cef47fd8920
309f24a395e42590b12a4b3f298826f25517edd44fe9bddcc32300598cbb6755
3125503095eb347633cce9f00d090dcc466164199f6018c4390988ece5e8cd9f
3adcd7060b73a40bdb29c97abbab98ef6c29038028ba0c7d974cbcdd3b1b158b
463faad63e59f653f8367ca1bd38629a240ebd4f2165c313e660933acc322b04
4e0d02c04fe3bb456ed7318a162a6248bd481b6f8e955fecda064d7c0ad3d792
510714d70c4277955aa865209771680c78789950540e91b893f9c4f990696344
517edd119c5b2719e6ac4b30bf1fd864a6395179a41d273c0afc0696e7495d8e
5298b61386b233b02c1f2dc3aff963463ebbe568b021817019f0da72fc5b165d
5a3d8c05785485d36ee5c94d4681e5b1d9e4b94c5be8b5bd7b0f3168fff1bd9a
6253859d0d35bf79a23af61580046e28d16a21249f61059a416bed0d76dbe939
74f6b2b975944800f1566e81aaed5cc5dcb7a7170eafd4cdd3e205f88f8e1f5f
799aeb25cc0373fdee0e1b1db7ad6c2f6a0e058dfadaa3379689f583213190bd
7c227d1a277363ea85333d5a174baf06a3e0578d9153f8ae198fdc4cf5ac12f3
7cab3f2151fb03bcbe1f364addf0bb414a68215edc08e2772da0aba6d8df4f8f
84e01419bd81f32ac6df0f75f49c604fda9172000a3ae432b3c47b2a6a712d80
85975a2be961791f9eca87929ad244be78a77031631e9e27baeb40b2dd2d8403
87cec327a260c0960d91a7c4e9976eb243afa732c22b0cb2310181543739fe1b
98b3d9d20e032f90aca49e9b116225d539ff6fbdb7e42c3c363f63896ac03d2a
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
b4d5f510c2190ca5ff87374b25cf3c1ba3334d41c5437b262cae8952a0dac6ad
b7f060e299b946e48571efc616afabf681564879b5431dae029354719b685b6c
bba7cc1311ac67910af9bfa0b863a0d6fcbf1c5ee4caec7f764c3562e4947ceb
c42156cd05dba885d41cdb82f2f587281860dac9895c6897326aa5a09c64b15c
c7a298bd81e9f7b534e848d2560e4ff7188d16c9b8fde216e786993a2e247f74
ca64645c22680035acdd8149902fda928c381cafbeab0b628b5542a7323ee0e4
cc3b5cfbea89a027388d2a8bfa5e0f511501ccf16f56ad9262cf10abc5ff3f66
d7a229a58c6420f329f8dca6dc343ba08ad13c42fae2ca4ccf948a3da791e91d
de36e50194320a7d3ef1ace9bd34a875a8bd458b253c061979dd628e9bf49afd
e208ea831c45866daa21bd38f49ba53f64ac457b9082198c5d295921f59fe8ca
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
ea0ca377484f9837aca91bb2d556ad0d62ed836a5a0c98d4a09edc6026c84e8a
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f26166b8e10ee1addb81a52ab9f73f2e4706ded755b327ffc11ca093b9e93072
f5aebdfea35d1e7656ef4acc5db1f243209755ae3300943ef8fc6280f363c860
f6734f8177112c0839b961f96d813fcb189d81b60e96c33278c1983b6f419615
fc8331c82d59e08430c3a341203a29b57de8ab6595876e484fc5a31e03183693

www.hsabank.com Open in urlscan Pro 70.37.166.146 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Detected technologies

Page Statistics

50 Requests

100 %HTTPS

86 %IPv6

12 Domains

17 Subdomains

14 IPs

3 Countries

1016 kBTransfer

2657 kBSize

7 Cookies

14 Outgoing links

Redirected requests

50 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 0 data transactions

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

www.hsabank.com Open in urlscan Pro
70.37.166.146 Public Scan

Screenshot
Live screenshot

Full Image

50
Requests

100 %
HTTPS

86 %
IPv6

12
Domains

17
Subdomains

14
IPs

3
Countries

1016 kB
Transfer

2657 kB
Size

7
Cookies

50 HTTP transactions
0 data transactions