urlscan.io logo urlscan.io
SecurityTrails logo

share.acorns.com Open in urlscan Pro
52.21.170.27  Public Scan

Go To Rescan Add Verdict Report
Submitted URL: https://share.acorns.com/devinrexford
Effective URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=...
Submission: On September 26 via api from CA — Scanned from CA
 Behaviour Indicators
Similar DOM Content API
Verdicts

Summary

This website contacted 20 IPs in 2 countries across 16 domains to perform 57 HTTP transactions. The main IP is 52.21.170.27, located in Ashburn, United States and belongs to AMAZON-AES, US. The main domain is share.acorns.com. The Cisco Umbrella rank of the primary domain is 148347.
TLS certificate: Issued by R3 on September 8th 2022. Valid for: 3 months.
This is the only time share.acorns.com was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

IP Address AS Autonomous System
1 6 52.21.170.27 14618 (AMAZON-AES)
2 2607:f8b0:400... 15169 (GOOGLE)
1 99.84.108.26 16509 (AMAZON-02)
1 2606:4700::68... 13335 (CLOUDFLAR...)
1 2600:1400:d:4... 20940 (AKAMAI-ASN1)
1 2607:f8b0:400... 15169 (GOOGLE)
4 2607:f8b0:400... 15169 (GOOGLE)
6 2600:1400:d:5... 20940 (AKAMAI-ASN1)
4 162.159.138.60 13335 (CLOUDFLAR...)
8 146.75.30.109 54113 (FASTLY)
1 23.5.226.225 16625 (AKAMAI-AS)
3 2607:f8b0:400... 15169 (GOOGLE)
8 2600:1400:d:5... 20940 (AKAMAI-ASN1)
2 2607:f8b0:400... 15169 (GOOGLE)
1 162.159.128.61 13335 (CLOUDFLAR...)
2 34.120.202.204 15169 (GOOGLE)
2 2607:f8b0:400... 15169 (GOOGLE)
1 151.101.66.137 54113 (FASTLY)
2 162.247.241.14 23467 (NEWRELIC-...)
2 52.4.48.51 14618 (AMAZON-AES)
57 20
6    52.21.170.27 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-21-170-27.compute-1.amazonaws.com
share.acorns.com
2    2607:f8b0:4006:817::200a (Rockville, United States)

ASN15169 (GOOGLE, US)
fonts.googleapis.com
1    99.84.108.26 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-99-84-108-26.iad79.r.cloudfront.net
builder-assets.unbounce.com
1    2606:4700::6811:190e (United States)

ASN13335 (CLOUDFLARENET, US)
cdnjs.cloudflare.com
1    2600:1400:d:487::13b8 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
cdn.optimizely.com
1    2607:f8b0:4006:823::2008 (Rockville, United States)

ASN15169 (GOOGLE, US)
www.googletagmanager.com
4    2607:f8b0:4006:81e::2003 (Rockville, United States)

ASN15169 (GOOGLE, US)
fonts.gstatic.com
www.google.ca
6    2600:1400:d:588::10f5 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
origin.xtlo.net
origin-2.xtlo.net
4    162.159.138.60 (None, )

ASN13335 (CLOUDFLARENET, US)
player.vimeo.com
8    146.75.30.109 (Ashburn, United States)

ASN54113 (FASTLY, US)
i.vimeocdn.com
f.vimeocdn.com
1    23.5.226.225 (Secaucus, United States)

ASN16625 (AKAMAI-AS, US)
PTR: a23-5-226-225.deploy.static.akamaitechnologies.com
a627150995.cdn.optimizely.com
3    2607:f8b0:4006:81d::200e (Rockville, United States)

ASN15169 (GOOGLE, US)
www.google-analytics.com
8    2600:1400:d:5ab::10f5 (New York, United States)

ASN20940 (AKAMAI-ASN1, NL)
origin-7.xtlo.net
origin-0.xtlo.net
origin-4.xtlo.net
origin-5.xtlo.net
2    2607:f8b0:4004:c09::9b (Ashburn, United States)

ASN15169 (GOOGLE, US)
stats.g.doubleclick.net
1    162.159.128.61 (None, )

ASN13335 (CLOUDFLARENET, US)
vimeo.com
2    34.120.202.204 (Kansas City, United States)

ASN15169 (GOOGLE, US)
PTR: 204.202.120.34.bc.googleusercontent.com
fresnel.vimeocdn.com
2    2607:f8b0:4006:80c::2004 (Rockville, United States)

ASN15169 (GOOGLE, US)
www.google.com
1    151.101.66.137 (United States)

ASN54113 (FASTLY, US)
js-agent.newrelic.com
2    162.247.241.14 (United States)

ASN23467 (NEWRELIC-AS-1, US)
bam.nr-data.net
2    52.4.48.51 (Ashburn, United States)

ASN14618 (AMAZON-AES, US)
PTR: ec2-52-4-48-51.compute-1.amazonaws.com
logx.optimizely.com
Apex Domain
Subdomains		 Transfer
14 xtlo.net
origin.xtlo.net — Cisco Umbrella Rank: 25782
origin-7.xtlo.net — Cisco Umbrella Rank: 184242
origin-0.xtlo.net — Cisco Umbrella Rank: 534041
origin-4.xtlo.net — Cisco Umbrella Rank: 63606
origin-5.xtlo.net — Cisco Umbrella Rank: 351040
origin-2.xtlo.net — Cisco Umbrella Rank: 475431
160 KB
10 vimeocdn.com
i.vimeocdn.com — Cisco Umbrella Rank: 2902
f.vimeocdn.com — Cisco Umbrella Rank: 3016
fresnel.vimeocdn.com — Cisco Umbrella Rank: 2886
273 KB
6 acorns.com
share.acorns.com — Cisco Umbrella Rank: 148347
34 KB
5 vimeo.com
player.vimeo.com — Cisco Umbrella Rank: 1759
vimeo.com — Cisco Umbrella Rank: 1656
38 KB
4 optimizely.com
cdn.optimizely.com — Cisco Umbrella Rank: 705
a627150995.cdn.optimizely.com — Cisco Umbrella Rank: 444578
logx.optimizely.com — Cisco Umbrella Rank: 1203
170 KB
3 google-analytics.com
www.google-analytics.com — Cisco Umbrella Rank: 27
20 KB
2 nr-data.net
bam.nr-data.net — Cisco Umbrella Rank: 215
1019 B
2 google.ca
www.google.ca — Cisco Umbrella Rank: 8529
608 B
2 google.com
www.google.com — Cisco Umbrella Rank: 2
608 B
2 doubleclick.net
stats.g.doubleclick.net — Cisco Umbrella Rank: 79
512 B
2 gstatic.com
fonts.gstatic.com
34 KB
2 googleapis.com
fonts.googleapis.com — Cisco Umbrella Rank: 40
2 KB
1 newrelic.com
js-agent.newrelic.com — Cisco Umbrella Rank: 326
18 KB
1 googletagmanager.com
www.googletagmanager.com — Cisco Umbrella Rank: 62
42 KB
1 cloudflare.com
cdnjs.cloudflare.com — Cisco Umbrella Rank: 209
28 KB
1 unbounce.com
builder-assets.unbounce.com — Cisco Umbrella Rank: 17883
3 KB
57 16
Domain Requested by
6 share.acorns.com 1 redirects share.acorns.com
5 f.vimeocdn.com player.vimeo.com
5 origin.xtlo.net share.acorns.com
4 origin-7.xtlo.net share.acorns.com
4 player.vimeo.com share.acorns.com
cdn.optimizely.com
3 www.google-analytics.com www.googletagmanager.com
www.google-analytics.com
3 i.vimeocdn.com player.vimeo.com
2 logx.optimizely.com cdn.optimizely.com
2 bam.nr-data.net player.vimeo.com
2 www.google.ca share.acorns.com
2 www.google.com share.acorns.com
2 fresnel.vimeocdn.com f.vimeocdn.com
2 stats.g.doubleclick.net www.google-analytics.com
2 origin-0.xtlo.net share.acorns.com
2 fonts.gstatic.com fonts.googleapis.com
2 fonts.googleapis.com share.acorns.com
1 origin-2.xtlo.net share.acorns.com
1 origin-5.xtlo.net share.acorns.com
1 origin-4.xtlo.net share.acorns.com
1 js-agent.newrelic.com player.vimeo.com
1 vimeo.com f.vimeocdn.com
1 a627150995.cdn.optimizely.com cdn.optimizely.com
1 www.googletagmanager.com share.acorns.com
1 cdn.optimizely.com share.acorns.com
1 cdnjs.cloudflare.com share.acorns.com
1 builder-assets.unbounce.com share.acorns.com
57 26

This site contains links to these domains. Also see Links.

Domain
www.acorns.com
signup.acorns.com
Subject Issuer Validity Valid
share.acorns.com
R3		 2022-09-08 -
2022-12-07		 3 months crt.sh
upload.video.google.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
*.unbounce.com
Amazon		 2022-02-08 -
2023-03-09		 a year crt.sh
sni.cloudflaressl.com
Cloudflare Inc ECC CA-3		 2022-08-03 -
2023-08-02		 a year crt.sh
cdn.optimizely.com
DigiCert SHA2 Secure Server CA		 2021-12-24 -
2022-12-24		 a year crt.sh
*.google-analytics.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
*.gstatic.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
media.extole.com
GeoTrust RSA CA 2018		 2022-07-25 -
2023-07-28		 a year crt.sh
*.vimeocdn.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-05-17 -
2023-06-18		 a year crt.sh
*.cdn.optimizely.com
DigiCert TLS RSA SHA256 2020 CA1		 2022-06-03 -
2023-06-07		 a year crt.sh
*.g.doubleclick.net
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
vimeo.com
Cloudflare Inc ECC CA-3		 2022-09-21 -
2023-09-20		 a year crt.sh
fresnel.vimeocdn.com
GTS CA 1D4		 2022-08-04 -
2022-11-02		 3 months crt.sh
www.google.com
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
*.google.ca
GTS CA 1C3		 2022-09-05 -
2022-11-28		 3 months crt.sh
js-agent.newrelic.com
GlobalSign Atlas R3 DV TLS CA 2022 Q2		 2022-07-10 -
2023-08-11		 a year crt.sh
*.nr-data.net
DigiCert TLS RSA SHA256 2020 CA1		 2022-01-10 -
2023-02-10		 a year crt.sh
logx.optimizely.com
Amazon		 2022-07-24 -
2023-08-22		 a year crt.sh

This page contains 4 frames:

Primary Page: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Frame ID: 923CBFF81D06F6A4DAF883E636DFE5DD
Requests: 39 HTTP requests in this frame

Frame: https://player.vimeo.com/video/712213462?h=1fd7d8fbe0&badge=0&autopause=0&autoplay=0&muted=0&loop=1&player_id=0&app_id=58479
Frame ID: 54B519A18299351376BC9C5A7C7DD5B2
Requests: 4 HTTP requests in this frame

Frame: https://a627150995.cdn.optimizely.com/client_storage/a627150995.html
Frame ID: F82B645A1A9B86EEB0D77D92F6131142
Requests: 1 HTTP requests in this frame

Frame: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Frame ID: 1DFB4DBBA3144672436EAE6917457539
Requests: 13 HTTP requests in this frame

Screenshot
Live screenshot
Full Image

Page Title

Redeem your $5 investment!

Page URL History Show full URLs

  1. https://share.acorns.com/devinrexford HTTP 302
    https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&ex... Page URL

Detected technologies

Overall confidence: 100%
Detected patterns
  • google-analytics\.com/(?:ga|urchin|analytics)\.js
Overall confidence: 100%
Detected patterns
  • <link[^>]* href=[^>]+fonts\.(?:googleapis|google)\.com
Overall confidence: 100%
Detected patterns
  • googletagmanager\.com/gtag/js
Overall confidence: 100%
Detected patterns
  • optimizely\.com.*\.js
Overall confidence: 100%
Detected patterns
  • /([\d.]+)/jquery(?:\.min)?\.js
  • jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

57
Requests

100 %
HTTPS

50 %
IPv6

16
Domains

26
Subdomains

20
IPs

2
Countries

825 kB
Transfer

3779 kB
Size

11
Cookies

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

  1. https://share.acorns.com/devinrexford HTTP 302
    https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

57 HTTP transactions

Resource
Path		 Size
x-fer		 Type
MIME-Type
Primary Request friend_landing_experience_microsite
share.acorns.com/zones/
Redirect Chain
  • https://share.acorns.com/devinrexford
  • https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
90 KB
16 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.21.170.27 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-170-27.compute-1.amazonaws.com
Software
Extole /
Resource Hash
1c68904c86ce301c339d7762c9f3d71739f4b8410673dbf44f14c4de375cab27
Security Headers
Name Value
Content-Security-Policy frame-ancestors https://*.extole.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOW-FROM https://*.extole.com

Request headers

Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authentication,Authorization,X-CSRF-TOKEN,X-NONCE
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
access-control-expose-headers
X-Extole-Token
cache-control
no-cache
content-encoding
gzip
content-security-policy
frame-ancestors https://*.extole.com
content-type
text/html;charset=UTF-8
date
Mon, 26 Sep 2022 15:45:50 GMT
expires
Mon, 26 Sep 2022 15:45:49 GMT
p3p
CP="Please see our privacy policy"
server
Extole
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin Accept-Encoding
x-extole-token
49C7607ELINGID9LC0T0TN14FK
x-frame-options
ALLOW-FROM https://*.extole.com

Redirect headers

access-control-allow-credentials
true
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authentication,Authorization,X-CSRF-TOKEN,X-NONCE
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
access-control-expose-headers
X-Extole-Token
content-encoding
gzip
content-length
20
content-security-policy
frame-ancestors https://*.extole.com
content-type
text/html
date
Mon, 26 Sep 2022 15:45:50 GMT
location
https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
p3p
CP="Please see our privacy policy"
server
Extole
strict-transport-security
max-age=31536000; includeSubDomains
vary
Origin Accept-Encoding
x-extole-token
49C7607ELINGID9LC0T0TN14FK
x-frame-options
ALLOW-FROM https://*.extole.com
css
fonts.googleapis.com/ 		2 KB
1017 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito%20Sans
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
224412cb30f93e51adfe6832c50b9b8f05109674abb1a7618ac08da241212eed
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 26 Sep 2022 13:54:21 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 26 Sep 2022 15:45:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 26 Sep 2022 15:45:50 GMT
css
fonts.googleapis.com/ 		2 KB
591 B 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://fonts.googleapis.com/css?family=Nunito%20Sans:600
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:817::200a Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
ESF /
Resource Hash
0d9791763bcf08089691bf6321b19f3df30339f4af276753cd2e24e5381bfa9d
Security Headers
Name Value
Strict-Transport-Security max-age=31536000
X-Content-Type-Options nosniff
X-Frame-Options SAMEORIGIN
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=31536000
content-encoding
gzip
x-content-type-options
nosniff
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
x-xss-protection
0
last-modified
Mon, 26 Sep 2022 14:09:15 GMT
server
ESF
cross-origin-opener-policy
same-origin-allow-popups
date
Mon, 26 Sep 2022 15:45:50 GMT
x-frame-options
SAMEORIGIN
content-type
text/css; charset=utf-8
access-control-allow-origin
*
cache-control
private, max-age=86400, stale-while-revalidate=604800
timing-allow-origin
*
link
<https://fonts.gstatic.com>; rel=preconnect; crossorigin
expires
Mon, 26 Sep 2022 15:45:50 GMT
main-7b78720.z.css
builder-assets.unbounce.com/published-css/ 		15 KB
3 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://builder-assets.unbounce.com/published-css/main-7b78720.z.css
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
99.84.108.26 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS
server-99-84-108-26.iad79.r.cloudfront.net
Software
AmazonS3 /
Resource Hash
7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Sat, 20 Aug 2022 18:51:51 GMT
content-encoding
gzip
last-modified
Mon, 04 Jul 2022 16:47:32 GMT
server
AmazonS3
age
3185640
etag
"4458a4d76a70cb207bcc34d6bc6f872f"
x-cache
Hit from cloudfront
x-amz-version-id
L4ZmeoxkTVchyWCkJ77TONE89Elaj8X7
via
1.1 f672414ac3f5fcc589dd2a6d8cdee8be.cloudfront.net (CloudFront)
cache-control
max-age=31536000
x-amz-cf-pop
IAD79-C2
accept-ranges
bytes
content-type
text/css
content-length
2902
x-amz-cf-id
9T1VvuYNhTENzBM_5QBcAHaSf2hAFv1xejtS2UweCBFT2KnD8HkSrA==
core.js
share.acorns.com/ 		43 KB
14 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://share.acorns.com/core.js
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.21.170.27 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-170-27.compute-1.amazonaws.com
Software
Extole /
Resource Hash
c1a45253022c089130ec3aae028572e9acc4cc0509d4ab550081f6b0c68877e6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:50 GMT
content-encoding
gzip
server
Extole
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
p3p
CP="Please see our privacy policy"
access-control-max-age
3600
cache-control
no-transform, max-age=3600
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authentication,Authorization,X-CSRF-TOKEN,X-NONCE
access-control-expose-headers
X-Extole-Token
jquery.min.js
cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/ 		87 KB
28 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdnjs.cloudflare.com/ajax/libs/jquery/3.5.1/jquery.min.js
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2606:4700::6811:190e , United States, ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
Security Headers
Name Value
Strict-Transport-Security max-age=15780000
X-Content-Type-Options nosniff

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:50 GMT
content-encoding
br
x-content-type-options
nosniff
cf-cache-status
HIT
nel
{"success_fraction":0.01,"report_to":"cf-nel","max_age":604800}
age
3431099
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=86400, h3-29=":443"; ma=86400
content-length
27958
timing-allow-origin
*
last-modified
Mon, 04 May 2020 23:01:39 GMT
server
cloudflare
cf-cdnjs-via
cfworker/kv
etag
"5eb09ed3-15d84"
expect-ct
max-age=604800, report-uri="https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct"
strict-transport-security
max-age=15780000
report-to
{"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=x9IjTLj8%2BBSeEeY%2F3khRaVChbmHzg%2FHQpZDv7orMddmNcidkGKgTA0fDgIWOCct8fRSyswTmMw%2F9CMGicw5YibY2wY1pafUHtfoxak%2BB9XQsdD9sf1RWfpaXKmNn4vk%2Bql%2F8AeXsqxtnmDseiz21EY2E"}],"group":"cf-nel","max_age":604800}
content-type
application/javascript; charset=utf-8
access-control-allow-origin
*
vary
Accept-Encoding
cache-control
public, max-age=30672000
accept-ranges
bytes
cf-ray
750d21043ec5713e-YUL
expires
Sat, 16 Sep 2023 15:45:50 GMT
9730220283.js
cdn.optimizely.com/js/ 		841 KB
168 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://cdn.optimizely.com/js/9730220283.js
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:487::13b8 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
AmazonS3 /
Resource Hash
d186e1d5396742ec52e4e5e8f59c5f004b86c16421cb331b1836b22ec833d686
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-meta-pci_enabled
False
x-amz-version-id
SCpomZxg8RdJJihPA5dmnk22BEEclOyt
content-encoding
gzip
etag
"a9a0ff5eed944bcebd6e2b6cbc50382a"
x-amz-request-id
F4VW4X0DG35M8ES9
x-amz-server-side-encryption
AES256
x-amz-meta-revision
6752
x-amz-replication-status
PENDING
access-control-allow-methods
GET, HEAD
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="54";dur=0,cdnip;desc="2600:1400:d:487::13b8";dur=0,cdnmap;desc="a5048.dsca.akamaiedge.net";dur=0,proto;desc="h2";dur=0
vary
Accept-Encoding
content-length
171225
x-amz-id-2
1ivUFSF9Zk3+sc+4khmcSQWtHCHjZ56PIqYHO9G6+UESDWdfvvC2yLGzUVnee0Z95r3G1gVDITU=
last-modified
Mon, 26 Sep 2022 14:21:26 GMT
server
AmazonS3
date
Mon, 26 Sep 2022 15:45:50 GMT
access-control-max-age
86400
strict-transport-security
max-age=15768000
content-type
text/javascript; charset=utf-8
access-control-allow-origin
*
access-control-expose-headers
x-amz-meta-revision
cache-control
max-age=600
accept-ranges
bytes
timing-allow-origin
*
access-control-allow-headers
*
js
www.googletagmanager.com/gtag/ 		106 KB
42 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.googletagmanager.com/gtag/js?id=UA-46142661-9
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:823::2008 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Google Tag Manager /
Resource Hash
cfeaf0f59987d7a545c83df4d35a124cd11fb40ecdd809c3d02e6e1ec386c7a6
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:50 GMT
content-encoding
br
vary
Accept-Encoding
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42230
x-xss-protection
0
last-modified
Mon, 26 Sep 2022 15:00:00 GMT
server
Google Tag Manager
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/javascript; charset=UTF-8
access-control-allow-origin
*
cache-control
private, max-age=900
access-control-allow-credentials
true
access-control-allow-headers
Cache-Control
expires
Mon, 26 Sep 2022 15:45:50 GMT
pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
fonts.gstatic.com/s/nunitosans/v12/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunitosans/v12/pe03MImSLYBIv1o4X1M8cc9iB85tU1E.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito%20Sans:600
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 19 Sep 2022 21:12:19 GMT
x-content-type-options
nosniff
age
585211
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
17156
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:33:24 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Sep 2023 21:12:19 GMT
pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
fonts.gstatic.com/s/nunitosans/v12/ 		17 KB
17 KB 		Font
General
Check archive.org
Download Go to
Full URL
https://fonts.gstatic.com/s/nunitosans/v12/pe0qMImSLYBIv1o4X1M8cce9I9s.woff2
Requested by
Host: fonts.googleapis.com
URL: https://fonts.googleapis.com/css?family=Nunito%20Sans
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
sffe /
Resource Hash
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

Referer
https://fonts.googleapis.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 19 Sep 2022 21:11:13 GMT
x-content-type-options
nosniff
age
585277
content-security-policy-report-only
require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/apps-themes
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
16980
x-xss-protection
0
last-modified
Mon, 09 May 2022 18:33:54 GMT
server
sffe
cross-origin-opener-policy
same-origin; report-to="apps-themes"
report-to
{"group":"apps-themes","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/apps-themes"}]}
content-type
font/woff2
access-control-allow-origin
*
cache-control
public, max-age=31536000
accept-ranges
bytes
timing-allow-origin
*
expires
Tue, 19 Sep 2023 21:11:13 GMT
logo.png
origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/ 		10 KB
10 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/logo.png
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:588::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
decbc84828ee4dbf9ca4e93259f7b6e19c31974e6dce36641ff22133eec64bb7

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:40 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176211
Connection
keep-alive
Content-Length
9833
bannerUltimate.png
origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/ 		120 KB
120 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/bannerUltimate.png
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:588::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
bd933a0ee3d6e96635d1024150229f285892c448e8949ea3d161fef514782f23

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:40 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176211
Connection
keep-alive
Content-Length
122270
712213462
player.vimeo.com/video/ Frame 54B5 		18 KB
9 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/video/712213462?h=1fd7d8fbe0&badge=0&autopause=0&autoplay=0&muted=0&loop=1&player_id=0&app_id=58479
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
5e309fc5ca4bbde08bf86533aa5c383d5c06a015b4a8cbcf016cc6ffffca9b67
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://share.acorns.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Age
0
CF-Cache-Status
DYNAMIC
CF-RAY
750d21055f4fa204-YYZ
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 26 Sep 2022 15:45:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache
MISS
X-Cache-Hits
0
X-Player-Backend
p
X-Served-By
cache-yyz4547-YYZ
X-Timer
S1664207151.965404,VS0,VE46
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy
script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*
expires
Mon, 26 Sep 2022 15:54:30 GMT
link
<https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
x-backend-proxy
playproxy9
x-bapp-server
player-84c9846b45-ln2l5
x-content-type-options
nosniff
x-host
player-84c9846b45-ln2l5
x-varnish-cache
1
x-vserver
playproxy-rollout-prod-varnish-8
x-xss-protection
1; mode=block
checkedImage.png
origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/ 		346 B
715 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/checkedImage.png
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:588::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
758c0a7e2c476a0d846463306fd425dab2f985c995abf8145978625c6e78aa64

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:40 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176211
Connection
keep-alive
Content-Length
369
last_image.png
origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/ 		18 KB
18 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/img/last_image.png
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:588::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
e5367d1810033fa860d4e9280b2b73718aab46f55c2cb2a0b92f151c29817adb

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:40 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176213
Connection
keep-alive
Content-Length
18260
1435927138-1b2febfc2fc145cc889780e10d323695c2d727411ff822482dc0949364f4c8c6-d.jpg
i.vimeocdn.com/video/ Frame 54B5 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.vimeocdn.com/video/1435927138-1b2febfc2fc145cc889780e10d323695c2d727411ff822482dc0949364f4c8c6-d.jpg?mw=80&q=85
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/712213462?h=1fd7d8fbe0&badge=0&autopause=0&autoplay=0&muted=0&loop=1&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
48fa2071490481acae68d289052b1b27ef7545ee34d56e9e4858a872334646fa

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
1811008
x-viewmaster-lossless-format
lossy
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
1779
viewmaster-server
viewmaster-us-east1-5tk1
x-served-by
cache-dfw-kdfw8210106-DFW, cache-iad-kiad7000023-IAD
x-timer
S1664207151.121842,VS0,VE0
etag
bfe903f59494ce271f9203a7ca85365b
access-control-max-age
86400
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
1, 2
player.js
f.vimeocdn.com/p/4.10.1/js/ Frame 54B5 		886 KB
0 		Script
General
Check archive.org
Download Go to
Full URL
https://f.vimeocdn.com/p/4.10.1/js/player.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/712213462?h=1fd7d8fbe0&badge=0&autopause=0&autoplay=0&muted=0&loop=1&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 varnish
age
72499
x-served-by
cache-iad-kiad7000111-IAD
vary
Accept-Encoding,x-http-method-override
x-cache
HIT
content-type
application/javascript
content-encoding
br
cache-control
max-age=1209600
accept-ranges
bytes
x-timer
S1664207151.123629,VS0,VE0
content-length
212091
x-cache-hits
7638
player.css
f.vimeocdn.com/p/4.10.1/css/ Frame 54B5 		203 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://f.vimeocdn.com/p/4.10.1/css/player.css
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/712213462?h=1fd7d8fbe0&badge=0&autopause=0&autoplay=0&muted=0&loop=1&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
367834876a24a605026df5c556f217621eaf75d1df34344227b3ab2bd2742fb2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 varnish
age
72499
x-served-by
cache-iad-kiad7000111-IAD
vary
Accept-Encoding,x-http-method-override
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
content-encoding
br
cache-control
max-age=1209600
accept-ranges
bytes
x-timer
S1664207151.123749,VS0,VE0
content-length
20284
x-cache-hits
7911
a627150995.html
a627150995.cdn.optimizely.com/client_storage/ Frame F82B 		2 KB
1 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://a627150995.cdn.optimizely.com/client_storage/a627150995.html
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/9730220283.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
23.5.226.225 Secaucus, United States, ASN16625 (AKAMAI-AS, US),
Reverse DNS
a23-5-226-225.deploy.static.akamaitechnologies.com
Software
AmazonS3 /
Resource Hash
93a02422c2be349042d572a2817dfca086c8eeee92581ccb7aebe992fafaa472
Security Headers
Name Value
Strict-Transport-Security max-age=15768000

Request headers

Referer
https://share.acorns.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

accept-ranges
bytes
cache-control
max-age=120
content-encoding
gzip
content-length
803
content-type
text/html; charset=utf-8
date
Mon, 26 Sep 2022 15:45:51 GMT
etag
"d361996c976cbdf598f8837e8c7e4daf"
last-modified
Mon, 26 Sep 2022 14:21:14 GMT
server
AmazonS3
server-timing
cdn;desc="AkamaiION";dur=0,rtt;desc="17";dur=0,cdnip;desc="23.5.226.225";dur=0,cdnmap;desc="a4728.x.akamaiedge.net";dur=0,proto;desc="h2";dur=0
strict-transport-security
max-age=15768000
vary
Accept-Encoding
x-amz-id-2
skGar2IC2NXsu92hJmjKqG0p+1I0fOXJrA5geIrPef3PGiTjtdvoI9NOIitGc4v1opEqSsie/jA=
x-amz-meta-pci_enabled
False
x-amz-replication-status
COMPLETED
x-amz-request-id
8TBNEVYZ39JEZ6X6
x-amz-server-side-encryption
AES256
x-amz-version-id
kAaaBZkwiU0b__QFRtXBY4QMiqIJkfle
714224408
player.vimeo.com/video/ Frame 1DFB 		49 KB
20 KB 		Document
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/9730220283.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
f3e56f277291eacfed2a1e889204d1a824f571296902c1c40145559e17a8c0fc
Security Headers
Name Value
Content-Security-Policy script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*; report-uri /_csp
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://share.acorns.com/
Upgrade-Insecure-Requests
1
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
accept-language
en-CA,en;q=0.9

Response headers

Age
0
CF-Cache-Status
DYNAMIC
CF-RAY
750d2107a9c5a21c-YYZ
Connection
keep-alive
Content-Encoding
gzip
Content-Type
text/html; charset=UTF-8
Date
Mon, 26 Sep 2022 15:45:51 GMT
Server
cloudflare
Transfer-Encoding
chunked
Vary
Accept-Encoding
X-Cache
MISS
X-Cache-Hits
0
X-Player-Backend
p
X-Served-By
cache-yyz4578-YYZ
X-Timer
S1664207151.325351,VS0,VE68
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
content-security-policy
script-src 'self' 'unsafe-inline' blob: resource: https://f.vimeocdn.com https://vimeo.com https://js-agent.newrelic.com https://imasdk.googleapis.com/ https://adservice.google.com/ https://s0.2mdn.net/instream/video/ https://bam.nr-data.net https://src.litix.io https://www.gstatic.com https://cdn.streamroot.io https://cdn.kollective.app/ https://wirewax.s3.eu-west-1.amazonaws.com https://edge-assets.wirewax.com https://embedder-sdk.wirewax.com https://embedder-sdk.wirewax.tv https://f.vimeocdn.com; style-src 'self' 'unsafe-inline' https://f.vimeocdn.com https://fonts.googleapis.com https://edge-assets.wirewax.com https://f.vimeocdn.com; connect-src 'self' ws: wss: https://vimeo.com https://vimeo.dev https://api.vimeo.com https://api.vimeo.dev https://*.ci.vimeows.com https://csi.gstatic.com https://fresnel-player-staging.vimeows.com https://fresnel-event-staging.vimeows.com https://player-telemetry.vimeo.com https://*.akamaized.net https://*.akamaized-staging.net https://*.vimeocdn.com https://netflux.cloud.vimeo.com https://lic.staging.drmtoday.com https://lic.drmtoday.com https://wv.service.expressplay.com https://fp.service.expressplay.com https://pr.service.expressplay.com https://sentry.io https://*.ingest.sentry.io https://storage.googleapis.com https://bam.nr-data.net https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://*.litix.io/ https://collector.vhx.tv https://collector.vhxstaging.com https://*.dna-delivery.com https://*.kollective.app/ https://mimir.cloud.vimeo.com https://*.wirewax.com https://*.wirewax.tv https://wirewax.s3.eu-west-1.amazonaws.com https://sqs.us-east-1.amazonaws.com https://sqs.eu-west-1.amazonaws.com https://s3-eu-west-1.amazonaws.com https://cognito-identity.us-east-1.amazonaws.com https://cognito-identity.eu-west-1.amazonaws.com; media-src 'self' blob: https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net https://*.gvt1.com https://live-api.cloud.vimeo.com https://live-api-dev.cloud.vimeo.com https://devcaptions.cloud.vimeo.com/; object-src 'self' https://*.vimeocdn.com https://*.akamaized.net https://*.akamaized-staging.net; default-src 'none'; font-src https://edge-assets.wirewax.com https://player.vimeo.com https://fonts.gstatic.com; img-src 'self' data: https://i.vimeocdn.com https://secure-b.vimeocdn.com https://f.vimeocdn.com https://vimeo.com https://secure.gravatar.com https://i0.wp.com https://i1.wp.com https://i2.wp.com https://pagead2.googlesyndication.com https://player.vimeo.com https://*.ci.vimeows.com https://videoapi-sprites.vimeocdn.com https://i.vimeocdn.com https://wirewax.s3.eu-west-1.amazonaws.com https://studio-media.wirewax.com https://edge-assets.wirewax.com https://maps.googleapis.com https://f.vimeocdn.com; frame-src 'self' https://*; report-uri /_csp
expires
Mon, 26 Sep 2022 15:47:19 GMT
link
<https://i.vimeocdn.com>; rel=preconnect; crossorigin <https://f.vimeocdn.com>; rel=preconnect; crossorigin <https://fresnel.vimeocdn.com>; rel=preconnect; crossorigin
p3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
strict-transport-security
max-age=31536000; includeSubDomains; preload
via
1.1 varnish, 1.1 varnish
x-backend-proxy
playproxy2
x-bapp-server
player-84c9846b45-74x9d
x-content-type-options
nosniff
x-host
player-84c9846b45-74x9d
x-varnish-cache
1
x-vserver
playproxy-rollout-prod-varnish-1
x-xss-protection
1; mode=block
player.js
player.vimeo.com/api/ 		20 KB
7 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/api/player.js
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/9730220283.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
32c580e50f2df6739be4d12863694b740885c8aa6edbc80d87768f1af88f1005
Security Headers
Name Value
Content-Security-Policy default-src 'none'; style-src 'unsafe-inline'
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-varnish-cache
1
Date
Mon, 26 Sep 2022 15:45:51 GMT
content-encoding
gzip
x-content-type-options
nosniff
CF-Cache-Status
DYNAMIC
Age
1167
X-Cache
HIT
p3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
x-host
player-84c9846b45-htw5n
Connection
keep-alive
x-vserver
playproxy-rollout-prod-varnish-0
Content-Length
6136
x-xss-protection
1; mode=block
X-Served-By
cache-yyz4547-YYZ
X-Player-Backend
p
Server
cloudflare
X-Timer
S1664207151.289231,VS0,VE0
x-backend-proxy
playproxy1
Vary
Accept-Encoding
strict-transport-security
max-age=31536000; includeSubDomains; preload
Content-Type
application/javascript;charset=utf-8
via
1.1 varnish, 1.1 varnish
expires
Mon, 26 Sep 2022 15:54:30 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server
player-84c9846b45-htw5n
content-security-policy
default-src 'none'; style-src 'unsafe-inline'
Accept-Ranges
bytes
CF-RAY
750d21077b82a204-YYZ
access-control-allow-origin
*
X-Cache-Hits
675
checkedImage.png
origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7085194179666093450:version=1:coreAssetsVersion=96/img/ 		346 B
714 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://origin.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7085194179666093450:version=1:coreAssetsVersion=96/img/checkedImage.png
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:588::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
758c0a7e2c476a0d846463306fd425dab2f985c995abf8145978625c6e78aa64

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 20 Apr 2022 23:08:55 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
image/png
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=610811
Connection
keep-alive
Content-Length
369
analytics.js
www.google-analytics.com/ 		49 KB
20 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/analytics.js
Requested by
Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=UA-46142661-9
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

strict-transport-security
max-age=10886400; includeSubDomains; preload
content-encoding
gzip
x-content-type-options
nosniff
last-modified
Sun, 11 Sep 2022 13:50:09 GMT
server
Golfe2
age
4819
date
Mon, 26 Sep 2022 14:25:32 GMT
vary
Accept-Encoding
content-type
text/javascript
cache-control
public, max-age=7200
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
19826
expires
Mon, 26 Sep 2022 16:25:32 GMT
MainView.js
origin-7.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/js/ 		1 KB
991 B 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-7.xtlo.net/type=creativeArchive:clientId=1842186254:creativeArchiveId=7142978284819369807:version=5:coreAssetsVersion=112/js/MainView.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
22662228af2910d1eedf3c6ce93bfbd018efe15dcdb0714b9537b408df30c3a7

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:40 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2175277
Connection
keep-alive
Content-Length
632
user-service.js
origin-0.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/ 		6 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-0.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/user-service.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
1109de4cdc9a1204cce9d4c3cfcaf5c38d27663351566545f26f878d0acb38ec

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:52 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176159
Connection
keep-alive
Content-Length
1907
collect
www.google-analytics.com/j/ 		2 B
207 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j97&a=1890890342&t=pageview&_s=1&dl=https%3A%2F%2Fshare.acorns.com%2Fzones%2Ffriend_landing_experience_microsite%3Fextole_share_channel%3DSHARE_LINK%26extole_shareable_code%3Ddevinrexford%26cro-test%3Dtrue&ul=en-us&de=UTF-8&dt=Redeem%20your%20%245%20investment!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&_u=YEBAAUABAAAAAC~&jid=227986321&gjid=1476401226&cid=1914474230.1664207151&tid=UA-46142661-9&_gid=832310216.1664207151&_r=1&gtm=2ou9l0&z=990042300
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://share.acorns.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 26 Sep 2022 15:45:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://share.acorns.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
2
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
www.google-analytics.com/j/ 		4 B
71 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://www.google-analytics.com/j/collect?v=1&_v=j97&a=1890890342&t=event&ni=1&_s=1&dl=https%3A%2F%2Fshare.acorns.com%2Fzones%2Ffriend_landing_experience_microsite%3Fextole_share_channel%3DSHARE_LINK%26extole_shareable_code%3Ddevinrexford%26cro-test%3Dtrue&ul=en-us&de=UTF-8&dt=Redeem%20your%20%245%20investment!&sd=24-bit&sr=1600x1200&vp=1600x1200&je=0&ec=Optimizely&ea=%5B100%25%20to%20v1%5D%20ACRNS-145%20%5BReferral%5D%5BEveryone%5D%20Round%20Ups%20video%20in%20hero&el=v1%3A%20Video%20in%20body&_u=6EDAAUABAAAAAC~&jid=2111409189&gjid=557261792&cid=1914474230.1664207151&tid=UA-46142661-9&_gid=832310216.1664207151&_r=1&_slc=1&z=785813325
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81d::200e Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
Security Headers
Name Value
X-Content-Type-Options nosniff

Request headers

Referer
https://share.acorns.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
date
Mon, 26 Sep 2022 15:45:51 GMT
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
content-type
text/plain
access-control-allow-origin
https://share.acorns.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
collect
stats.g.doubleclick.net/j/ 		4 B
442 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-46142661-9&cid=1914474230.1664207151&jid=227986321&gjid=1476401226&_gid=832310216.1664207151&_u=YEBAAUAAAAAAAC~&z=1138158892
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://share.acorns.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 26 Sep 2022 15:45:51 GMT
content-type
text/plain
access-control-allow-origin
https://share.acorns.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
_csp
player.vimeo.com/ Frame 1DFB 		0
1007 B 		Other
General
Check archive.org
Download Go to
Full URL
https://player.vimeo.com/_csp
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.138.60 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Content-Security-Policy default-src 'self'; script-src 'self' https://f.vimeocdn.com; style-src 'self' https://f.vimeocdn.com; img-src 'self' https://i.vimeocdn.com https://f.vimeocdn.com
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Xss-Protection 1; mode=block

Request headers

Referer
https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
application/csp-report

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Via
1.1 varnish
x-content-type-options
nosniff
CF-Cache-Status
DYNAMIC
X-Cache
MISS
p3p
CP="This is not a P3P policy! See https://vimeo.com/privacy"
x-host
player-84c9846b45-nfqgp
Connection
keep-alive
Vary
Accept-Encoding
x-xss-protection
1; mode=block
X-Served-By
cache-yyz4520-YYZ
X-Player-Backend
p
Server
cloudflare
X-Timer
S1664207151.440179,VS0,VE46
x-backend-proxy
playproxy1
strict-transport-security
max-age=31536000; includeSubDomains; preload
Content-Type
text/html; charset=UTF-8
expires
Fri, 15 Dec 1985 19:30:00 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server
player-84c9846b45-nfqgp
content-security-policy
default-src 'self'; script-src 'self' https://f.vimeocdn.com; style-src 'self' https://f.vimeocdn.com; img-src 'self' https://i.vimeocdn.com https://f.vimeocdn.com
Accept-Ranges
bytes
CF-RAY
750d21086b38a21c-YYZ
X-Cache-Hits
0
1439577783-765cde4a270c6004cd70b69177d65ce421cd9476fbb79a48b4a3d9a06faa20e2-d.jpg
i.vimeocdn.com/video/ Frame 1DFB 		2 KB
2 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.vimeocdn.com/video/1439577783-765cde4a270c6004cd70b69177d65ce421cd9476fbb79a48b4a3d9a06faa20e2-d.jpg?mw=80&q=85
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
fb5da1b0d568d3842ecaefcca11f479bbc03ce72c2717556e4920a5f052d00ff

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
1719188
x-viewmaster-lossless-format
lossy
x-cache
miss, HIT, HIT
x-backend-server
varnish
content-length
1672
viewmaster-server
viewmaster-us-central1-pb74
x-served-by
cache-dfw-kdfw8210086-DFW, cache-iad-kiad7000023-IAD
x-timer
S1664207151.435577,VS0,VE0
etag
ccefe4cd5bc32eaf3f39fc63b3349970
access-control-max-age
86400
content-type
image/jpeg
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
1, 2
player.js
f.vimeocdn.com/p/4.10.1/js/ Frame 1DFB 		886 KB
207 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://f.vimeocdn.com/p/4.10.1/js/player.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
f8c22491872aae8cdfb88dce37ade08e14d76f1a677307deda4eb987b995a803

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 varnish
age
72499
x-served-by
cache-iad-kiad7000111-IAD
vary
Accept-Encoding,x-http-method-override
x-cache
HIT
content-type
application/javascript
content-encoding
br
cache-control
max-age=1209600
accept-ranges
bytes
x-timer
S1664207151.437841,VS0,VE0
content-length
212091
x-cache-hits
7639
player.css
f.vimeocdn.com/p/4.10.1/css/ Frame 1DFB 		203 KB
20 KB 		Stylesheet
General
Check archive.org
Download Go to
Full URL
https://f.vimeocdn.com/p/4.10.1/css/player.css
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
367834876a24a605026df5c556f217621eaf75d1df34344227b3ab2bd2742fb2

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 varnish
age
72499
x-served-by
cache-iad-kiad7000111-IAD
vary
Accept-Encoding,x-http-method-override
x-cache
HIT
content-type
text/css
access-control-allow-origin
*
content-encoding
br
cache-control
max-age=1209600
accept-ranges
bytes
x-timer
S1664207151.437841,VS0,VE0
content-length
20284
x-cache-hits
7912
vuid.min.js
f.vimeocdn.com/js_opt/modules/utils/ Frame 1DFB 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
c051b8b5eb2a0aef699780f15a449491868faa6f8b39b684b5ae8f64f345b94a

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 varnish
age
599313
x-timer
S1664207151.437843,VS0,VE0
x-served-by
cache-iad-kiad7000111-IAD
vary
Accept-Encoding,x-http-method-override
x-cache
HIT
content-type
application/javascript
content-encoding
gzip
cache-control
public, max-age=2592000
accept-ranges
bytes
timing-allow-origin
*
content-length
997
x-cache-hits
70811
collect
stats.g.doubleclick.net/j/ 		4 B
70 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://stats.g.doubleclick.net/j/collect?t=dc&aip=1&_r=3&v=1&_v=j97&tid=UA-46142661-9&cid=1914474230.1664207151&jid=2111409189&gjid=557261792&_gid=832310216.1664207151&_u=6EDAAUABAAAAAC~&z=167090858
Requested by
Host: www.google-analytics.com
URL: https://www.google-analytics.com/analytics.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4004:c09::9b Ashburn, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
Golfe2 /
Resource Hash
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
Security Headers
Name Value
Strict-Transport-Security max-age=10886400; includeSubDomains; preload
X-Content-Type-Options nosniff

Request headers

Referer
https://share.acorns.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain

Response headers

pragma
no-cache
strict-transport-security
max-age=10886400; includeSubDomains; preload
x-content-type-options
nosniff
last-modified
Sun, 17 May 1998 03:00:00 GMT
server
Golfe2
date
Mon, 26 Sep 2022 15:45:51 GMT
content-type
text/plain
access-control-allow-origin
https://share.acorns.com
cache-control
no-cache, no-store, must-revalidate
access-control-allow-credentials
true
cross-origin-resource-policy
cross-origin
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
4
expires
Fri, 01 Jan 1990 00:00:00 GMT
vuid
vimeo.com/ablincoln/ Frame 1DFB 		0
894 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://vimeo.com/ablincoln/vuid?pid=b8fd8d3c380f19a52c86828f2551613c59af5f871664207151
Requested by
Host: f.vimeocdn.com
URL: https://f.vimeocdn.com/js_opt/modules/utils/vuid.min.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.159.128.61 -, , ASN13335 (CLOUDFLARENET, US),
Reverse DNS
Software
cloudflare /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains; preload
X-Content-Type-Options nosniff
X-Frame-Options sameorigin
X-Xss-Protection 1; mode=block

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Via
1.1 varnish, 1.1 varnish
x-content-type-options
nosniff
CF-Cache-Status
DYNAMIC
content-security-policy-report-only
default-src https: data: blob: wss: 'unsafe-inline' 'unsafe-eval'; report-uri /_csp
X-Cache
MISS, MISS
Connection
keep-alive
Vary
User-Agent
x-xss-protection
1; mode=block
X-Served-By
cache-iad-kiad7000050-IAD, cache-yyz4544-YYZ
x-vimeo-device
d
Server
cloudflare
X-Timer
S1664207152.541208,VS0,VE55
x-frame-options
sameorigin
x-backend-proxy
webproxy10
strict-transport-security
max-age=31536000; includeSubDomains; preload
expires
Mon, 26 Sep 2022 03:45:51 GMT
cache-control
no-store, no-cache, must-revalidate, post-check=0, pre-check=0
x-bapp-server
pweb-5fc67b97bb-twtw5
x-ua-compatible
IE=edge
Accept-Ranges
bytes
CF-RAY
750d2108ef1654af-YYZ
X-Cache-Hits
0, 0
ElementControl.js
origin-0.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-0.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/ElementControl.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
29df32cfde158a82401f4127afe8e2442c694c7311adb871b3575644086f4ca0

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:34:44 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176205
Connection
keep-alive
Content-Length
1059
me-shareable-service.js
origin-7.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/ 		2 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-7.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/me-shareable-service.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
f57173b7d7c840f271d27c79e91b54f4e58cd4f5cd85fa90ff5d75df852b49e6

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:29:02 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2175343
Connection
keep-alive
Content-Length
779
player-test-impression
fresnel.vimeocdn.com/add/ Frame 1DFB 		0
142 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://fresnel.vimeocdn.com/add/player-test-impression?beacon=1
Requested by
Host: f.vimeocdn.com
URL: https://f.vimeocdn.com/p/4.10.1/js/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.202.204 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
204.202.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://player.vimeo.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://player.vimeo.com
date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
1439577783-765cde4a270c6004cd70b69177d65ce421cd9476fbb79a48b4a3d9a06faa20e2-d
i.vimeocdn.com/video/ Frame 1DFB 		21 KB
21 KB 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://i.vimeocdn.com/video/1439577783-765cde4a270c6004cd70b69177d65ce421cd9476fbb79a48b4a3d9a06faa20e2-d?mw=500&mh=290
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
146.75.30.109 Ashburn, United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
/
Resource Hash
ae12e89ba90e93294bd57a6c8f877fe2a5c9575ae975c665c56527a776426a07

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

date
Mon, 26 Sep 2022 15:45:51 GMT
via
vvarnish, 1.1 varnish, 1.1 varnish
age
1728867
x-viewmaster-lossless-format
automatic
x-cache
miss, HIT, HIT
access-control-max-age
86400
x-backend-server
varnish
content-length
21050
viewmaster-server
viewmaster-us-central1-x917
x-served-by
cache-dfw-kdfw8210086-DFW, cache-iad-kiad7000023-IAD
x-timer
S1664207152.608055,VS0,VE3
etag
bea3f07d926abc245da653e8d46813c5
vary
Accept
content-type
image/avif
access-control-allow-origin
*
access-control-expose-headers
X-Viewmaster-Status
cache-control
public, max-age=2592000
accept-ranges
bytes
x-cache-hits
1, 1
player-stats
fresnel.vimeocdn.com/add/ Frame 1DFB 		0
40 B 		Ping
General
Check archive.org
Download Go to
Full URL
https://fresnel.vimeocdn.com/add/player-stats?beacon=1&session-id=b8fd8d3c380f19a52c86828f2551613c59af5f871664207151
Requested by
Host: f.vimeocdn.com
URL: https://f.vimeocdn.com/p/4.10.1/js/player.js
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
34.120.202.204 Kansas City, United States, ASN15169 (GOOGLE, US),
Reverse DNS
204.202.120.34.bc.googleusercontent.com
Software
/
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://player.vimeo.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

access-control-allow-origin
https://player.vimeo.com
date
Mon, 26 Sep 2022 15:45:51 GMT
via
1.1 google
access-control-allow-credentials
true
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length
0
ga-audiences
www.google.com/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-46142661-9&cid=1914474230.1664207151&jid=227986321&_u=YEBAAUAAAAAAAC~&z=754805102
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2004 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Sep 2022 15:45:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-46142661-9&cid=1914474230.1664207151&jid=227986321&_u=YEBAAUAAAAAAAC~&z=754805102
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Sep 2022 15:45:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.com/ads/ 		42 B
107 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.com/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-46142661-9&cid=1914474230.1664207151&jid=2111409189&_u=6EDAAUABAAAAAC~&z=713130244
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:80c::2004 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Sep 2022 15:45:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
ga-audiences
www.google.ca/ads/ 		42 B
501 B 		Image
General
Check archive.org
Download Go to Show image
Full URL
https://www.google.ca/ads/ga-audiences?t=sr&aip=1&_r=4&slf_rd=1&v=1&_v=j97&tid=UA-46142661-9&cid=1914474230.1664207151&jid=2111409189&_u=6EDAAUABAAAAAC~&z=713130244
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
2607:f8b0:4006:81e::2003 Rockville, United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software
cafe /
Resource Hash
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
Security Headers
Name Value
X-Content-Type-Options nosniff
X-Xss-Protection 0

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://share.acorns.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

pragma
no-cache
date
Mon, 26 Sep 2022 15:45:51 GMT
x-content-type-options
nosniff
server
cafe
timing-allow-origin
*
p3p
policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control
no-cache, no-store, must-revalidate
cross-origin-resource-policy
cross-origin
content-type
image/gif
alt-svc
h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"
content-length
42
x-xss-protection
0
expires
Fri, 01 Jan 1990 00:00:00 GMT
nr-spa-1216.min.js
js-agent.newrelic.com/ Frame 1DFB 		49 KB
18 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://js-agent.newrelic.com/nr-spa-1216.min.js
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
H2
Security
TLS 1.3, , AES_128_GCM
Server
151.101.66.137 , United States, ASN54113 (FASTLY, US),
Reverse DNS
Software
AmazonS3 /
Resource Hash
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

x-amz-version-id
UU.F5jvoumAjQChriwTQHbisCFw_OInU
content-encoding
gzip
etag
"63e2df852d15ab21d7ff8fc4363222e8"
x-amz-request-id
EC4WHCV41J2PG0F8
x-cache
HIT
cross-origin-resource-policy
cross-origin
content-length
18216
x-amz-id-2
07T07n8uWoNfLUHQgSr5tTGsERPb5Z6DbGl+VfImB1rTQSNe/ORDeUQvbVBUscm/WNI/Ugfb4MM=
x-served-by
cache-yul12823-YUL
last-modified
Thu, 14 Apr 2022 16:45:57 GMT
server
AmazonS3
x-timer
S1664207152.726985,VS0,VE0
date
Mon, 26 Sep 2022 15:45:51 GMT
vary
Accept-Encoding
content-type
application/javascript
via
1.1 varnish
cache-control
public, max-age=7200, stale-if-error=604800
accept-ranges
bytes
x-cache-hits
4367
api.js
origin-4.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/ 		4 KB
2 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-4.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/api.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
d73d0f120b8b1fe872ad25a6482bb33a483103c4cf369fb64a85731210f39e56

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:33:01 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176173
Connection
keep-alive
Content-Length
1400
Shareable.js
origin-7.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/ 		449 B
597 B 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-7.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/Shareable.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
60bcd794038ff4fb5e4d69dded874112bbea03998f62f852a21e6626c414f926

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:33:01 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2175351
Connection
keep-alive
Content-Length
238
me-shareable-service.js
origin-7.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/v2/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-7.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/v2/me-shareable-service.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
5ac13f31e1f379c648f717634fd4fe9c2bad010a20161be46163fa0c7edbf468

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:54 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2175333
Connection
keep-alive
Content-Length
934
shareable-service.js
origin-5.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/v2/ 		521 B
629 B 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-5.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/v2/shareable-service.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:5ab::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
feb8393130b69052ed6546978a81dd6dbca04695ff33f1ea173da518376bac2c

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:54 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2176210
Connection
keep-alive
Content-Length
270
689d5b4562
bam.nr-data.net/1/ Frame 1DFB 		49 B
615 B 		Script
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/1/689d5b4562?a=2815207&v=1216.487a282&to=NVVXNhYAWhJWBhVfCwwfcxcKAkAIWAtOQA0PVVpMBw5aFUUKDVoBEEMbDwUIWj5UCg9CFg1cWQcWW3kAXgspVwoGXFAQSgZRFQ%3D%3D&rst=485&ck=1&ref=https://player.vimeo.com/video/714224408&ap=1&be=158&fe=422&dc=167&af=err,xhr,stn,ins,spa&perf=%7B%22timing%22:%7B%22of%22:1664207151260,%22n%22:0,%22f%22:0,%22dn%22:1,%22dne%22:1,%22c%22:1,%22s%22:18,%22ce%22:36,%22rq%22:36,%22rp%22:146,%22rpe%22:148,%22dl%22:150,%22di%22:167,%22ds%22:167,%22de%22:167,%22dc%22:422,%22l%22:422,%22le%22:423%7D,%22navigation%22:%7B%7D%7D&fp=211&fcp=211&jsonp=NREUM.setToken
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82

Request headers

accept-language
en-CA,en;q=0.9
Referer
https://player.vimeo.com/
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
text/javascript
Access-Control-Allow-Origin
*
Transfer-Encoding
chunked
Cross-Origin-Resource-Policy
cross-origin
Connection
keep-alive
access-control-allow-credentials
true
CF-Ray
750d210acb63a229-YYZ
ApiRequestBuilder.js
origin-2.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/ 		3 KB
1 KB 		Script
General
Check archive.org
Download Go to
Full URL
https://origin-2.xtlo.net/type=core:clientId=1842186254:coreAssetsVersion=112/common/client/ApiRequestBuilder.js?site=share.acorns.com
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_256_GCM
Server
2600:1400:d:588::10f5 New York, United States, ASN20940 (AKAMAI-ASN1, NL),
Reverse DNS
Software
Extole /
Resource Hash
a2a9e3ace7a69b1c48f8479aaeb8c37b9510c0b97fa3ea9b70979e1166e37aba

Request headers

Referer
https://share.acorns.com/
Origin
https://share.acorns.com
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
Content-Encoding
gzip
Last-Modified
Wed, 21 Sep 2022 19:18:54 GMT
Server
Extole
Vary
Accept-Encoding
Content-Type
application/javascript
Access-Control-Allow-Origin
*
Access-Control-Max-Age
2592000
Cache-Control
no-transform, max-age=2174602
Connection
keep-alive
Content-Length
1002
689d5b4562
bam.nr-data.net/events/1/ Frame 1DFB 		24 B
404 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://bam.nr-data.net/events/1/689d5b4562?a=2815207&v=1216.487a282&to=NVVXNhYAWhJWBhVfCwwfcxcKAkAIWAtOQA0PVVpMBw5aFUUKDVoBEEMbDwUIWj5UCg9CFg1cWQcWW3kAXgspVwoGXFAQSgZRFQ%3D%3D&rst=639&ck=1&ref=https://player.vimeo.com/video/714224408
Requested by
Host: player.vimeo.com
URL: https://player.vimeo.com/video/714224408?h=8f5cc88fd2&badge=0&autopause=0&player_id=0&app_id=58479
Protocol
HTTP/1.1
Security
TLS 1.3, , AES_128_GCM
Server
162.247.241.14 , United States, ASN23467 (NEWRELIC-AS-1, US),
Reverse DNS
Software
cloudflare /
Resource Hash
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300

Request headers

Referer
https://player.vimeo.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
content-type
text/plain

Response headers

Date
Mon, 26 Sep 2022 15:45:51 GMT
CF-Cache-Status
DYNAMIC
Server
cloudflare
Vary
Accept-Encoding
access-control-allow-methods
GET, POST, PUT, HEAD, OPTIONS
Content-Type
image/gif
Access-Control-Allow-Origin
https://player.vimeo.com
access-control-allow-credentials
true
Connection
keep-alive
CF-Ray
750d210b7cdca229-YYZ
Content-Length
24
token
share.acorns.com/api/v4/ 		129 B
883 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://share.acorns.com/api/v4/token
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.21.170.27 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-170-27.compute-1.amazonaws.com
Software
Extole /
Resource Hash
22c87cbb7f96d9e3150d3b997244f9caba8765d424b4a926e9ea1c05c3cf2733
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

Referer
https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
accept-language
en-CA,en;q=0.9
x-extole-app
javascript_sdk
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
content-type
application/json

Response headers

date
Mon, 26 Sep 2022 15:45:52 GMT
content-encoding
gzip
server
Extole
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
p3p
CP="Please see our privacy policy"
access-control-expose-headers
X-Extole-Token
cache-control
no-cache
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authentication,Authorization,X-CSRF-TOKEN,X-NONCE
content-length
128
expires
Mon, 26 Sep 2022 15:45:51 GMT
me
share.acorns.com/api/v4/ 		274 B
794 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://share.acorns.com/api/v4/me
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.21.170.27 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-170-27.compute-1.amazonaws.com
Software
Extole /
Resource Hash
361c59239e11d9bf9963f3ab4c2f4c4037d5ec660c625ddb3d4cb4aa688212c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Referer
https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
accept-language
en-CA,en;q=0.9
x-extole-app
javascript_sdk
authorization
49C7607ELINGID9LC0T0TN14FK
content-type
application/json

Response headers

date
Mon, 26 Sep 2022 15:45:52 GMT
content-encoding
gzip
server
Extole
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
p3p
CP="Please see our privacy policy"
access-control-expose-headers
X-Extole-Token
cache-control
no-cache
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authentication,Authorization,X-CSRF-TOKEN,X-NONCE
content-length
172
expires
Mon, 26 Sep 2022 15:45:51 GMT
me
share.acorns.com/api/v4/ 		274 B
794 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://share.acorns.com/api/v4/me
Requested by
Host: share.acorns.com
URL: https://share.acorns.com/core.js
Protocol
H2
Security
TLS 1.3, , AES_256_GCM
Server
52.21.170.27 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-21-170-27.compute-1.amazonaws.com
Software
Extole /
Resource Hash
361c59239e11d9bf9963f3ab4c2f4c4037d5ec660c625ddb3d4cb4aa688212c2
Security Headers
Name Value
Strict-Transport-Security max-age=31536000; includeSubDomains

Request headers

User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Referer
https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true
accept-language
en-CA,en;q=0.9
x-extole-app
javascript_sdk
authorization
49C7607ELINGID9LC0T0TN14FK
content-type
application/json

Response headers

date
Mon, 26 Sep 2022 15:45:52 GMT
content-encoding
gzip
server
Extole
vary
Origin, Accept-Encoding
access-control-allow-methods
GET, PUT, POST, DELETE, OPTIONS
p3p
CP="Please see our privacy policy"
access-control-expose-headers
X-Extole-Token
cache-control
no-cache
access-control-allow-credentials
true
strict-transport-security
max-age=31536000; includeSubDomains
content-type
application/json
access-control-allow-headers
DNT,X-Mx-ReqToken,Keep-Alive,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Authentication,Authorization,X-CSRF-TOKEN,X-NONCE
content-length
172
expires
Mon, 26 Sep 2022 15:45:51 GMT
events
logx.optimizely.com/v1/ 		0
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/9730220283.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.4.48.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-48-51.compute-1.amazonaws.com
Software
nginx/1.21.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://share.acorns.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 26 Sep 2022 15:45:52 GMT
Server
nginx/1.21.0
Content-Type
text/plain
Access-Control-Allow-Origin
https://share.acorns.com
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
f2eed825-818e-45a1-aedd-859734366a45
events
logx.optimizely.com/v1/ 		0
361 B 		XHR
General
Check archive.org
Download Go to
Full URL
https://logx.optimizely.com/v1/events
Requested by
Host: cdn.optimizely.com
URL: https://cdn.optimizely.com/js/9730220283.js
Protocol
HTTP/1.1
Security
TLS 1.2, ECDHE_RSA, AES_128_GCM
Server
52.4.48.51 Ashburn, United States, ASN14618 (AMAZON-AES, US),
Reverse DNS
ec2-52-4-48-51.compute-1.amazonaws.com
Software
nginx/1.21.0 /
Resource Hash
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer
https://share.acorns.com/
accept-language
en-CA,en;q=0.9
User-Agent
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/105.0.5195.125 Safari/537.36
Content-Type
text/plain;charset=UTF-8

Response headers

Date
Mon, 26 Sep 2022 15:45:53 GMT
Server
nginx/1.21.0
Content-Type
text/plain
Access-Control-Allow-Origin
https://share.acorns.com
Access-Control-Expose-Headers
X-Results-Data-Source
Access-Control-Allow-Credentials
true
Connection
keep-alive
Timing-Allow-Origin
*
X-Request-Id
663b3da7-d94d-43b7-878b-bba1ec005c63

Verdicts & Comments Add Verdict or Comment

41 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

object| 0 object| 1 object| onbeforeinput object| oncontextlost object| oncontextrestored function| structuredClone object| launchQueue object| onbeforematch function| getScreenDetails function| queryLocalFonts object| navigation object| extole function| $ function| jQuery undefined| _ object| optimizely object| CROQ object| CRO_PJS object| dataLayer object| CRO_SHARED_21632880448 function| gtag function| throttle object| cta string| href object| stickyCTA object| acrnsfiftythree number| scrollDist undefined| advocateCodeEl undefined| signUpButton undefined| referralAgreementEl undefined| mainEl object| google_tag_manager object| google_tag_data string| GoogleAnalyticsObject function| ga object| Vimeo boolean| VimeoPlayerResizeEmbeds_ boolean| VimeoSeoMetadataAppended object| gaplugins object| gaGlobal object| gaData

11 Cookies

Domain/Path Name / Value
.share.acorns.com/ Name: access_token
Value: 49C7607ELINGID9LC0T0TN14FK
.share.acorns.com/ Name: xtl_bid
Value: 7147715283276033407
.vimeo.com/ Name: __cf_bm
Value: 4xraCdN5Xgdbv7nOY8TKp.KILInbfqLCO8Tc35yubwk-1664207151-0-AYqJIKzeC/0VqtUVEvqBQvd1exEa94s3R5Qjlvuftrwjw5APXNa+6TQxtolG0E1i4D8CWksauZNpwN4xw+GxlsQ=
.acorns.com/ Name: optimizelyEndUserId
Value: oeu1664207151186r0.6220470496095716
.acorns.com/ Name: _ga
Value: GA1.2.1914474230.1664207151
.acorns.com/ Name: _gid
Value: GA1.2.832310216.1664207151
.acorns.com/ Name: _gat_gtag_UA_46142661_9
Value: 1
.acorns.com/ Name: _gat_cro_metrics_tracker
Value: 1
.vimeo.com/ Name: vuid
Value: pl756207117.625931683
.nr-data.net/ Name: JSESSIONID
Value: db01054aec98df6b
share.acorns.com/ Name: extole_access_token
Value: 49C7607ELINGID9LC0T0TN14FK

1 Console Messages

Source Level URL
Text
other warning URL: https://share.acorns.com/zones/friend_landing_experience_microsite?extole_share_channel=SHARE_LINK&extole_shareable_code=devinrexford&cro-test=true(Line 3230)
Message:
Allow attribute will take precedence over 'allowfullscreen'.

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header Value
Content-Security-Policy frame-ancestors https://*.extole.com
Strict-Transport-Security max-age=31536000; includeSubDomains
X-Frame-Options ALLOW-FROM https://*.extole.com

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

a627150995.cdn.optimizely.com
bam.nr-data.net
builder-assets.unbounce.com
cdn.optimizely.com
cdnjs.cloudflare.com
f.vimeocdn.com
fonts.googleapis.com
fonts.gstatic.com
fresnel.vimeocdn.com
i.vimeocdn.com
js-agent.newrelic.com
logx.optimizely.com
origin-0.xtlo.net
origin-2.xtlo.net
origin-4.xtlo.net
origin-5.xtlo.net
origin-7.xtlo.net
origin.xtlo.net
player.vimeo.com
share.acorns.com
stats.g.doubleclick.net
vimeo.com
www.google-analytics.com
www.google.ca
www.google.com
www.googletagmanager.com
146.75.30.109
151.101.66.137
162.159.128.61
162.159.138.60
162.247.241.14
23.5.226.225
2600:1400:d:487::13b8
2600:1400:d:588::10f5
2600:1400:d:5ab::10f5
2606:4700::6811:190e
2607:f8b0:4004:c09::9b
2607:f8b0:4006:80c::2004
2607:f8b0:4006:817::200a
2607:f8b0:4006:81d::200e
2607:f8b0:4006:81e::2003
2607:f8b0:4006:823::2008
34.120.202.204
52.21.170.27
52.4.48.51
99.84.108.26
0c9cf152a0ad00d4f102c93c613c104914be5517ac8f8e0831727f8bfbe8b300
0d9791763bcf08089691bf6321b19f3df30339f4af276753cd2e24e5381bfa9d
1109de4cdc9a1204cce9d4c3cfcaf5c38d27663351566545f26f878d0acb38ec
1c68904c86ce301c339d7762c9f3d71739f4b8410673dbf44f14c4de375cab27
224412cb30f93e51adfe6832c50b9b8f05109674abb1a7618ac08da241212eed
22662228af2910d1eedf3c6ce93bfbd018efe15dcdb0714b9537b408df30c3a7
22c87cbb7f96d9e3150d3b997244f9caba8765d424b4a926e9ea1c05c3cf2733
29df32cfde158a82401f4127afe8e2442c694c7311adb871b3575644086f4ca0
32c580e50f2df6739be4d12863694b740885c8aa6edbc80d87768f1af88f1005
361c59239e11d9bf9963f3ab4c2f4c4037d5ec660c625ddb3d4cb4aa688212c2
367834876a24a605026df5c556f217621eaf75d1df34344227b3ab2bd2742fb2
48fa2071490481acae68d289052b1b27ef7545ee34d56e9e4858a872334646fa
545156adeae44dadc82b98d504f805ebe77fb79c928ef34eed1057bb9d4cb8fe
5ac13f31e1f379c648f717634fd4fe9c2bad010a20161be46163fa0c7edbf468
5e309fc5ca4bbde08bf86533aa5c383d5c06a015b4a8cbcf016cc6ffffca9b67
60bcd794038ff4fb5e4d69dded874112bbea03998f62f852a21e6626c414f926
758c0a7e2c476a0d846463306fd425dab2f985c995abf8145978625c6e78aa64
7b787207f29ffd5672ab91b95f681b387b4d6433081cc8b47070f1d564827863
8685bca4bb29a8a8289c3effd282cb8718a7d14da65f1397481f213b15469f50
93a02422c2be349042d572a2817dfca086c8eeee92581ccb7aebe992fafaa472
97d5a594e7f76c7e50045b67667fd6b74b268515efe6425097be1b2647079787
9e25469f734732205f33dd80ff8ca12080406c18d2fa99a1f368103e51f7999f
a2a9e3ace7a69b1c48f8479aaeb8c37b9510c0b97fa3ea9b70979e1166e37aba
ae12e89ba90e93294bd57a6c8f877fe2a5c9575ae975c665c56527a776426a07
aec60bc104db041b1512185839f18f52986df7e569e5445f740dd60f763fbca8
bd933a0ee3d6e96635d1024150229f285892c448e8949ea3d161fef514782f23
c051b8b5eb2a0aef699780f15a449491868faa6f8b39b684b5ae8f64f345b94a
c1a45253022c089130ec3aae028572e9acc4cc0509d4ab550081f6b0c68877e6
c84423c305779f2aab07847a2e3870ac1ea4072e470d5eb149c01e0e0497eae3
cfeaf0f59987d7a545c83df4d35a124cd11fb40ecdd809c3d02e6e1ec386c7a6
d186e1d5396742ec52e4e5e8f59c5f004b86c16421cb331b1836b22ec833d686
d73d0f120b8b1fe872ad25a6482bb33a483103c4cf369fb64a85731210f39e56
dac715f087720dd7ff7067f5d2ec1988851fa93140ae8a9cbfaa15659dd7fd82
de3246094525b21a870fc7d2a67490d0132535c6fa5993755c549f1a9d1bd8af
decbc84828ee4dbf9ca4e93259f7b6e19c31974e6dce36641ff22133eec64bb7
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e5367d1810033fa860d4e9280b2b73718aab46f55c2cb2a0b92f151c29817adb
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f3e56f277291eacfed2a1e889204d1a824f571296902c1c40145559e17a8c0fc
f57173b7d7c840f271d27c79e91b54f4e58cd4f5cd85fa90ff5d75df852b49e6
f7f6a5894f1d19ddad6fa392b2ece2c5e578cbf7da4ea805b6885eb6985b6e3d
f8c22491872aae8cdfb88dce37ade08e14d76f1a677307deda4eb987b995a803
fb5da1b0d568d3842ecaefcca11f479bbc03ce72c2717556e4920a5f052d00ff
feb8393130b69052ed6546978a81dd6dbca04695ff33f1ea173da518376bac2c