www.tsb.co.nz Open in urlscan Pro
2001:8002:e22:ef00::3cfe:8ff1 Public Scan

Go To Rescan
Add Verdict Report

Submitted URL:
http://tsbbank.co.nz/
Effective URL:
https://www.tsb.co.nz/
Submission: On September 15 via api (September 15th 2024, 6:56:54 am UTC) from US — Scanned from NZ

Summary HTTP 80 Redirects Links 6 Behaviour Indicators

Summary

This website contacted 21 IPs in 4 countries across 18 domains to perform 80 HTTP transactions. The main IP is 2001:8002:e22:ef00::3cfe:8ff1, located in Australia and belongs to ASN-TELSTRA Telstra Limited, AU. The main domain is www.tsb.co.nz.
TLS certificate: Issued by R11 on July 24th 2024. Valid for: 3 months.

This is the only time www.tsb.co.nz was scanned on urlscan.io!

urlscan.io Verdict: No classification

Domain & IP information

	IP Address	AS Autonomous System
2 2	2600:1415:11:... 2600:1415:11::1737:f29b	20940 (AKAMAI-ASN1) (AKAMAI-ASN1)
4	2001:8002:e22... 2001:8002:e22:ef00::3cfe:8ff1	1221 (ASN-TELST...) (ASN-TELSTRA Telstra Limited)
35	203.134.85.154 203.134.85.154	9443 (VOCUS-RET...) (VOCUS-RETAIL-AU Vocus Retail)
1	18.67.110.87 18.67.110.87	16509 (AMAZON-02) (AMAZON-02)
1	18.67.110.70 18.67.110.70	16509 (AMAZON-02) (AMAZON-02)
1	2606:4700::68... 2606:4700::6811:f7cb	13335 (CLOUDFLAR...) (CLOUDFLARENET)
3	2404:6800:400... 2404:6800:4006:80a::2008	15169 (GOOGLE) (GOOGLE)
3	23.214.38.209 23.214.38.209	16625 (AKAMAI-AS) (AKAMAI-AS)
1	103.237.104.82 103.237.104.82	53580 (MARKETO) (MARKETO)
2	2620:1ec:bdf::31 2620:1ec:bdf::31	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
5	184.24.248.178 184.24.248.178	16625 (AKAMAI-AS) (AKAMAI-AS)
2	157.240.8.23 157.240.8.23	32934 (FACEBOOK) (FACEBOOK)
2	151.101.193.175 151.101.193.175	54113 (FASTLY) (FASTLY)
2	2a03:2880:f11... 2a03:2880:f119:8083:face:b00c:0:25de	32934 (FACEBOOK) (FACEBOOK)
8	103.237.104.73 103.237.104.73	53580 (MARKETO) (MARKETO)
1 2	142.251.221.70 142.251.221.70	15169 (GOOGLE) (GOOGLE)
1	2001:4860:480... 2001:4860:4802:34::181	15169 (GOOGLE) (GOOGLE)
1	2404:6800:400... 2404:6800:4003:c11::9d	15169 (GOOGLE) (GOOGLE)
1	142.250.67.3 142.250.67.3	15169 (GOOGLE) (GOOGLE)
1 2	52.231.230.148 52.231.230.148	8075 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1 1	2620:1ec:c11:... 2620:1ec:c11::237	8068 (MICROSOFT...) (MICROSOFT-CORP-MSN-AS-BLOCK)
1	35.241.45.82 35.241.45.82	396982 (GOOGLE-CL...) (GOOGLE-CLOUD-PLATFORM)
80	21

2 2600:1415:11::1737:f29b (Sydney, Australia) 2 redirects

ASN20940 (AKAMAI-ASN1, NL)

tsbbank.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
www.tsbbank.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

4 2001:8002:e22:ef00::3cfe:8ff1 (Australia)

ASN1221 (ASN-TELSTRA Telstra Limited, AU)

www.tsb.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

35 203.134.85.154 (Sydney, Australia)

ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU)
PTR: 154.85-134-203.akamai.cache.nsw.vocus.network

www.tsb.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.110.87 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-110-87.syd62.r.cloudfront.net

shielded.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 18.67.110.70 (United States)

ASN16509 (AMAZON-02, US)
PTR: server-18-67-110-70.syd62.r.cloudfront.net

staticcdn.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2606:4700::6811:f7cb (United States)

ASN13335 (CLOUDFLARENET, US)

unpkg.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 2404:6800:4006:80a::2008 (Sydney, Australia)

ASN15169 (GOOGLE, US)

www.googletagmanager.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

3 23.214.38.209 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a23-214-38-209.deploy.static.akamaitechnologies.com

munchkin.marketo.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 103.237.104.82 (United States)

ASN53580 (MARKETO, US)

454-ize-737.mktoresp.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2620:1ec:bdf::31 (United States)

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

www.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

5 184.24.248.178 (Sydney, Australia)

ASN16625 (AKAMAI-AS, US)
PTR: a184-24-248-178.deploy.static.akamaitechnologies.com

snrtp-cdn.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools
rtp-static.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 157.240.8.23 (Sydney, Australia)

ASN32934 (FACEBOOK, US)
PTR: xx-fbcdn-shv-01-syd2.fbcdn.net

connect.facebook.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 151.101.193.175 (San Francisco, United States)

ASN54113 (FASTLY, US)

nebula-cdn.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 2a03:2880:f119:8083:face:b00c:0:25de (Sydney, Australia)

ASN32934 (FACEBOOK, US)

www.facebook.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

8 103.237.104.73 (United States)

ASN53580 (MARKETO, US)

snrtp1.marketo.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 142.251.221.70 (Farmingdale, United States) 1 redirects

ASN15169 (GOOGLE, US)
PTR: syd09s31-in-f6.1e100.net

4214544.fls.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2001:4860:4802:34::181 (United States)

ASN15169 (GOOGLE, US)

analytics.google.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2404:6800:4003:c11::9d (Singapore, Singapore)

ASN15169 (GOOGLE, US)

stats.g.doubleclick.net	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 142.250.67.3 (Plainview, United States)

ASN15169 (GOOGLE, US)
PTR: syd15s16-in-f3.1e100.net

www.google.co.nz	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

2 52.231.230.148 (Busan, Korea, Republic Of) 1 redirects

ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.clarity.ms	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 2620:1ec:c11::237 (United States) 1 redirects

ASN8068 (MICROSOFT-CORP-MSN-AS-BLOCK, US)

c.bing.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

1 35.241.45.82 (Kansas City, United States)

ASN396982 (GOOGLE-CLOUD-PLATFORM, US)
PTR: 82.45.241.35.bc.googleusercontent.com

udc-neb.kampyle.com	Domain lookup VirusTotal SecurityTrails crt.sh Censys Domaintools

	Apex Domain Subdomains	Transfer
39	tsb.co.nz www.tsb.co.nz	356 KB
13	marketo.com snrtp-cdn.marketo.com rtp-static.marketo.com — Cisco Umbrella Rank: 20587 snrtp1.marketo.com — Cisco Umbrella Rank: 746985	213 KB
4	clarity.ms 1 redirects www.clarity.ms — Cisco Umbrella Rank: 682 f.clarity.ms Failed c.clarity.ms — Cisco Umbrella Rank: 1382	29 KB
3	doubleclick.net 1 redirects 4214544.fls.doubleclick.net ad.doubleclick.net Failed stats.g.doubleclick.net — Cisco Umbrella Rank: 130	981 B
3	kampyle.com nebula-cdn.kampyle.com — Cisco Umbrella Rank: 5876 udc-neb.kampyle.com — Cisco Umbrella Rank: 2654	88 KB
3	marketo.net munchkin.marketo.net — Cisco Umbrella Rank: 3674	8 KB
3	googletagmanager.com www.googletagmanager.com — Cisco Umbrella Rank: 43	296 KB
2	facebook.com www.facebook.com — Cisco Umbrella Rank: 106	3 KB
2	facebook.net connect.facebook.net — Cisco Umbrella Rank: 178	72 KB
2	tsbbank.co.nz 2 redirects tsbbank.co.nz www.tsbbank.co.nz	149 B
1	bing.com 1 redirects c.bing.com — Cisco Umbrella Rank: 231	772 B
1	google.co.nz www.google.co.nz — Cisco Umbrella Rank: 39102	63 B
1	google.com analytics.google.com — Cisco Umbrella Rank: 140
1	mktoresp.com 454-ize-737.mktoresp.com	487 B
1	unpkg.com unpkg.com — Cisco Umbrella Rank: 797	10 KB
1	staticcdn.co.nz staticcdn.co.nz — Cisco Umbrella Rank: 324108	1 KB
1	shielded.co.nz shielded.co.nz — Cisco Umbrella Rank: 485573	6 KB
0	medallia.com.au Failed analytics-fe.digital-cloud-syd1.medallia.com.au Failed
80	18

	Domain	Requested by
39	www.tsb.co.nz	www.tsb.co.nz www.googletagmanager.com www.clarity.ms nebula-cdn.kampyle.com
8	snrtp1.marketo.com	snrtp-cdn.marketo.com rtp-static.marketo.com
4	rtp-static.marketo.com	snrtp-cdn.marketo.com
3	munchkin.marketo.net	www.tsb.co.nz munchkin.marketo.net
3	www.googletagmanager.com	www.tsb.co.nz www.googletagmanager.com
2	c.clarity.ms	1 redirects
2	4214544.fls.doubleclick.net	1 redirects www.googletagmanager.com
2	www.facebook.com	www.tsb.co.nz
2	nebula-cdn.kampyle.com	www.googletagmanager.com nebula-cdn.kampyle.com
2	connect.facebook.net	www.tsb.co.nz connect.facebook.net
2	www.clarity.ms	www.tsb.co.nz www.clarity.ms
1	udc-neb.kampyle.com
1	c.bing.com	1 redirects
1	www.google.co.nz	www.tsb.co.nz
1	stats.g.doubleclick.net	www.googletagmanager.com
1	analytics.google.com	www.googletagmanager.com
1	snrtp-cdn.marketo.com	www.tsb.co.nz
1	454-ize-737.mktoresp.com	munchkin.marketo.net
1	unpkg.com	www.tsb.co.nz
1	staticcdn.co.nz	www.tsb.co.nz
1	shielded.co.nz	www.tsb.co.nz
1	www.tsbbank.co.nz	1 redirects
1	tsbbank.co.nz	1 redirects
0	analytics-fe.digital-cloud-syd1.medallia.com.au Failed	nebula-cdn.kampyle.com
0	f.clarity.ms Failed	www.clarity.ms
0	ad.doubleclick.net Failed	www.tsb.co.nz
80	26

This site contains links to these domains. Also see Links.

Domain
homebank.tsbbank.co.nz
apply.tsb.co.nz
www.facebook.com
www.instagram.com
nz.linkedin.com
www.youtube.com

Subject Issuer	Validity	Valid
www.tsb.co.nz R11	`2024-07-24` - `2024-10-22`	3 months	crt.sh
shielded.co.nz Amazon RSA 2048 M02	`2024-08-23` - `2025-09-20`	a year	crt.sh
staticcdn.co.nz Amazon RSA 2048 M02	`2024-08-30` - `2025-09-27`	a year	crt.sh
unpkg.com WE1	`2024-07-28` - `2024-10-26`	3 months	crt.sh
*.google-analytics.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.marketo.net DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.mktoresp.com DigiCert Global G2 TLS RSA SHA256 2020 CA1	`2024-08-15` - `2025-09-15`	a year	crt.sh
www.clarity.ms DigiCert TLS RSA SHA256 2020 CA1	`2024-09-04` - `2025-09-04`	a year	crt.sh
*.marketo.com DigiCert TLS RSA SHA256 2020 CA1	`2023-12-08` - `2024-12-11`	a year	crt.sh
*.facebook.com DigiCert SHA2 High Assurance Server CA	`2024-06-24` - `2024-09-22`	3 months	crt.sh
*.kampyle.com SSL.com RSA SSL subCA	`2023-11-07` - `2024-12-07`	a year	crt.sh
*.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.com WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.g.doubleclick.net WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh
*.google.co.nz WR2	`2024-08-12` - `2024-11-04`	3 months	crt.sh

This page contains 4 frames:

Primary Page: https://www.tsb.co.nz/
Frame ID: D8561F1EAE631713CCB738496131DFE1
Requests: 82 HTTP requests in this frame

Frame: https://4214544.fls.doubleclick.net/activityi;dc_pre=CJGDy66vxIgDFcOjZgIdMNYeZw;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F
Frame ID: D316287FAD9CC4C47BAE9892105B16C2
Requests: 1 HTTP requests in this frame

Frame: data://truncated
Frame ID: 2052410411922EE2F1701638A887DC33
Requests: 2 HTTP requests in this frame

Frame: data://truncated
Frame ID: FB54F53369BC635FA4F95E896B609E74
Requests: 2 HTTP requests in this frame

Screenshot
Live screenshot

Full Image

Page Title

The perfect amount of bank | TSB

Page URL History Show full URLs

http://tsbbank.co.nz/ HTTP 307
https://tsbbank.co.nz/ HTTP 301
https://www.tsbbank.co.nz/ HTTP 301
https://www.tsb.co.nz/ Page URL

Detected technologies

Facebook (Widgets) Expand

Overall confidence: 100%
Detected patterns

//connect\.facebook\.([a-z]+)/[^/]*/[a-z]*\.js

Google Analytics (Analytics) Expand

Overall confidence: 100%
Detected patterns

Google Tag Manager (Tag Managers) Expand

Overall confidence: 100%
Detected patterns

googletagmanager\.com/ns\.html[^>]+></iframe>
googletagmanager\.com/gtm\.js
googletagmanager\.com/gtag/js

Marketo (Marketing Automation) Expand

Overall confidence: 100%
Detected patterns

munchkin\.marketo\.\w+/(?:([\d.]+)/)?munchkin\.js

jQuery (JavaScript Libraries) Expand

Overall confidence: 100%
Detected patterns

/([\d.]+)/jquery(?:\.min)?\.js
jquery.*\.js(?:\?ver(?:sion)?=([\d.]+))?

Page Statistics

80
Requests

94 %
HTTPS

41 %
IPv6

18
Domains

26
Subdomains

21
IPs

4
Countries

1080 kB
Transfer

3388 kB
Size

23
Cookies

6 Outgoing links

These are links going to different origins than the main page.

URL: https://homebank.tsbbank.co.nz/
Title: Log In

Search URL Search Domain Scan URL

URL: https://apply.tsb.co.nz/cip/tsb/p/tsb/onlinehomeloan/application.html
Title: Apply online

Search URL Search Domain Scan URL

URL: https://www.facebook.com/TSBNewZealand/

Search URL Search Domain Scan URL

URL: https://www.instagram.com/tsb_nz/

Search URL Search Domain Scan URL

URL: https://nz.linkedin.com/company/tsb_nz

Search URL Search Domain Scan URL

URL: https://www.youtube.com/TSBNewZealand

Search URL Search Domain Scan URL

Page URL History

This captures the URL locations of the websites, including HTTP redirects and client-side redirects via JavaScript or Meta fields.

http://tsbbank.co.nz/ HTTP 307
https://tsbbank.co.nz/ HTTP 301
https://www.tsbbank.co.nz/ HTTP 301
https://www.tsb.co.nz/ Page URL

Redirected requests

There were HTTP redirect chains for the following requests:

Request Chain 59

https://4214544.fls.doubleclick.net/activityi;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F HTTP 302
https://4214544.fls.doubleclick.net/activityi;dc_pre=CJGDy66vxIgDFcOjZgIdMNYeZw;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F

Request Chain 79

https://c.clarity.ms/c.gif HTTP 302
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=DBD3A3F373634272B168BE7831039F12&RedC=c.clarity.ms&MXFR=0523932A571F6205129E87D1531F6CB2 HTTP 302
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=DBD3A3F373634272B168BE7831039F12&MUID=26C0919AF85C6077070F8561F9CD61B9

80 HTTP transactions
7 data transactions

Method
Protocol Status Resource
Path Size
x-fer Time
Latency Type
MIME-Type IP
Location

GET
H/1.1

200
OK

Primary Request / Show response
www.tsb.co.nz/
Redirect Chain

http://tsbbank.co.nz/
https://tsbbank.co.nz/
https://www.tsbbank.co.nz/
https://www.tsb.co.nz/

120 KB
20 KB

752ms
421ms

Document
text/html

2001:8002:e22:ef00::3cfe:8ff1
ASN-TELSTRA Telst...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:8002:e22:ef00::3cfe:8ff1 , Australia, ASN1221 (ASN-TELSTRA Telstra Limited, AU),

Reverse DNS

Software

Resource Hash

f5152fbfc6611b1a02ea9165ba94b1da9faf3ca672095c1a6da3f6cfa6042bc6

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Alt-Svc: h3=":443"; ma=93600
Cache-Control: max-age=600, public
Connection: keep-alive
Content-Encoding: br
Content-Language: en
Content-Length: 17818
Content-Security-Policy: default-src 'self' 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Content-Type: text/html; charset=UTF-8
Date: Sun, 15 Sep 2024 06:56:46 GMT
ETag: "1726383406-br"
Expires: Sun, 19 Nov 1978 05:00:00 GMT
Last-Modified: Sun, 15 Sep 2024 06:56:46 GMT
Referrer-Policy: strict-origin-when-cross-origin
Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Vary: Cookie,Accept-Encoding
X-Amz-Cf-Id: WDANVy_fTQ0ruJTmgeXz-dAhlUda2v9ZrX5dyDKBgJJV17uUsofU0w==
X-Amz-Cf-Pop: SYD62-P3
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 0

Redirect headers

content-length: 0
date: Sun, 15 Sep 2024 06:56:45 GMT
location: https://www.tsb.co.nz/

GET
H/1.1 200
OK A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8...
www.tsb.co.nz/sites/default/files/css/ 250 KB
39 KB 123ms
122ms Stylesheet
text/css 2001:8002:e22:ef00::3cfe:8ff1
ASN-TELSTRA Telst...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/sites/default/files/css/A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,,qdelta==1,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM,Mcc.qgO1HN889X.css.pagespeed.cf.MS8_j7Drir.css

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:8002:e22:ef00::3cfe:8ff1 , Australia, ASN1221 (ASN-TELSTRA Telstra Limited, AU),

Reverse DNS

Software

Resource Hash

9d1d52b444c1502f4c23e43b6747412c054ca65157dfe908d599dedff425d626

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Sun, 15 Sep 2024 06:56:46 GMT
X-Original-Content-Length: 256022
X-Amz-Cf-Pop: SYD62-P3
Connection: keep-alive
Alt-Svc: h3=":443"; ma=93600
Content-Length: 39746
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Sun, 15 Sep 2024 03:48:06 GMT
ETag: W/"0"
Vary: Cookie,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: text/css
Cache-Control: max-age=31524765
X-Amz-Cf-Id: 2Pf-BXHCAjCYAQ-zEZ8p9zqiACQjSRIznOMtbe2z7bTDklGRJgWyRQ==
Expires: Mon, 15 Sep 2025 03:49:31 GMT

GET
H/1.1 200
OK js_zXHb2_fi6Lu3Ud9-zDEneUSRmOFdnxjr7fY4Fs2Jwb8.js,qscope=header,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhq... Show response
www.tsb.co.nz/sites/default/files/js/ 92 KB
33 KB 198ms
86ms Script
application/javascript 2001:8002:e22:ef00::3cfe:8ff1
ASN-TELSTRA Telst...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/sites/default/files/js/js_zXHb2_fi6Lu3Ud9-zDEneUSRmOFdnxjr7fY4Fs2Jwb8.js,qscope=header,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.Hy26AaXkjQ.js

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:8002:e22:ef00::3cfe:8ff1 , Australia, ASN1221 (ASN-TELSTRA Telstra Limited, AU),

Reverse DNS

Software

Resource Hash

54c3efbdfca5f0a68b2fe25942ec652c41ae5ce6e07baca2b9f1a895409adfbe

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Encoding: gzip
X-Content-Type-Options: nosniff
Date: Sun, 15 Sep 2024 06:56:46 GMT
X-Original-Content-Length: 94588
X-Amz-Cf-Pop: SYD62-P3
Connection: keep-alive
Alt-Svc: h3=":443"; ma=93600
Content-Length: 32606
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 28 Aug 2024 11:53:53 GMT
ETag: W/"0-gzip"
Vary: Cookie,Accept-Encoding
X-Frame-Options: SAMEORIGIN
Content-Type: application/javascript
Cache-Control: max-age=31501555
X-Amz-Cf-Id: 4CAvVcMzUL7FIUzJ6sus0uMnXhoZ0D7sU8uaHA1Yte3JBnPmOe4jog==
Expires: Sun, 14 Sep 2025 21:22:41 GMT

GET
H/1.1 200
OK logo.svg
www.tsb.co.nz/themes/TSB/ 2 KB
3 KB 241ms
83ms Image
image/svg+xml 2001:8002:e22:ef00::3cfe:8ff1
ASN-TELSTRA Telst...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/themes/TSB/logo.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

2001:8002:e22:ef00::3cfe:8ff1 , Australia, ASN1221 (ASN-TELSTRA Telstra Limited, AU),

Reverse DNS

Software

Resource Hash

b8710e59c134288dfa22585733639c1e70b133850bf414ee097f9e73eb4d8eee

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVNYTEwLW9vYmVUdnVSblZhLW5TQUFBQUF3'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVNYTEwLW9vYmVUdnVSblZhLW5TQUFBQUF3'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVNYTEwLW9vYmVUdnVSblZhLW5TQUFBQUF3'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63072000; includeSubDomains; preload
Content-Security-Policy: default-src 'self' 'nonce-WnVNYTEwLW9vYmVUdnVSblZhLW5TQUFBQUF3'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVNYTEwLW9vYmVUdnVSblZhLW5TQUFBQUF3'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVNYTEwLW9vYmVUdnVSblZhLW5TQUFBQUF3'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
X-Content-Type-Options: nosniff
Date: Sun, 15 Sep 2024 06:56:46 GMT
Content-Encoding: gzip
X-Amz-Cf-Pop: SYD62-P3
Connection: keep-alive
Alt-Svc: h3=":443"; ma=93600
Content-Length: 879
X-XSS-Protection: 0
Referrer-Policy: strict-origin-when-cross-origin
Last-Modified: Wed, 28 Aug 2024 10:31:17 GMT
ETag: W/"763-620bbdbb1bb28"
X-Frame-Options: SAMEORIGIN
Vary: Cookie,Accept-Encoding
Content-Type: image/svg+xml
Cache-Control: max-age=31536000
X-Amz-Cf-Id: T-NfHGkmAMnlvog--EaY6B7F7VTqbehvF170SbV6x0Pa4h-zsBvY5A==
Expires: Mon, 15 Sep 2025 05:59:31 GMT

GET
H3 200 44x44xphone-cropped_360.png.pagespeed.ic.FLEQNCv2oY.png
www.tsb.co.nz/sites/default/files/menu_icons/ 2 KB
2 KB 383ms
380ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xphone-cropped_360.png.pagespeed.ic.FLEQNCv2oY.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

5b38685c3ce8b9d7e1bdf8779cd7ac5983028f904dfeccdd350d83c416ba1c3d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 2349
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 2167
referrer-policy: strict-origin-when-cross-origin
last-modified: Sat, 31 Aug 2024 11:22:15 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31455339
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/phone-cropped_360.png>; rel="canonical"
x-amz-cf-id: 60lIRM-rn-SfA93RDsUfRo6KkCl5T0UgVx_KIC43h2y5JCrc0pnMcA==
expires: Sun, 14 Sep 2025 08:32:26 GMT

GET
H3 200 44x44xmarker-pin-01.png.pagespeed.ic.zrahnGoRhi.png
www.tsb.co.nz/sites/default/files/menu_icons/ 1 KB
2 KB 520ms
518ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xmarker-pin-01.png.pagespeed.ic.zrahnGoRhi.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

229153c7c6646487031d2e5f8be0ec43a58bb341dcb5417fb0ae480efd4ac162

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 3416
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1532
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 09 Sep 2024 00:56:50 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31445915
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/marker-pin-01.png>; rel="canonical"
x-amz-cf-id: HbXe6iiHmd2FSvAd9y6UrWZ1Gn_kspsB1gY8dNcBRm8MP4fyUfYraw==
expires: Sun, 14 Sep 2025 05:55:22 GMT

GET
H3 200 send-cropped_360.png.pagespeed.ce.5QoYwDWBj9.png
www.tsb.co.nz/sites/default/files/menu_icons/ 2 KB
2 KB 521ms
518ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/send-cropped_360.png.pagespeed.ce.5QoYwDWBj9.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

6d85c6b6712f50bf6b61aeb1d96103d99903abb4d3fdba53ccf96552d9f86fcf

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 1652
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1652
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 12 Jun 2023 21:45:34 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31467483
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/send-cropped_360.png>; rel="canonical"
x-amz-cf-id: X4FQtA1bDKBq0WIItM3tDtpXc8uc71so0PzU7ZKtW2w1lTvY0nngCw==
expires: Sun, 14 Sep 2025 11:54:50 GMT

GET
H3 200 Homepage-transparent.webp
www.tsb.co.nz/sites/default/files/styles/home_hero_large_1x/public/2023-06/ 18 KB
18 KB 302ms
130ms Image
image/webp 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/styles/home_hero_large_1x/public/2023-06/Homepage-transparent.webp?itok=lOPxUY1-

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e9b29db4f9339b5c9320c9dc1a64c95d0b099c3529514803addc148ec8774b2c

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sun, 15 Sep 2024 06:56:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:46 GMT
x-content-type-options: nosniff
x-original-content-length: 19136
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 18854
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
etag: W/"PSA-aj-UPvd9KIQUj"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: ELPrTu0RTv_HPetZBQ8UYcJcWIJTj7QVpX1X039HHm0XlSlr1-AabA==
quic-version: 0x00000001

GET
H3 200 ApplyPay-now-at-TSB.webp
www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2024-08/ 7 KB
7 KB 119ms
119ms Image
image/webp 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2024-08/ApplyPay-now-at-TSB.webp?h=94a077d4&itok=wiOdVOc4

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

a2df8a1ea57ff1a48259665a5aae51c21df18d91406f0a3e3623afb26c60c31d

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

expires: Sun, 15 Sep 2024 06:56:46 GMT
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:46 GMT
x-content-type-options: nosniff
x-original-content-length: 7416
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 7322
pragma: no-cache
referrer-policy: strict-origin-when-cross-origin
etag: W/"PSA-aj-34gZ9OeJlY"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=0, no-cache, no-store
x-amz-cf-id: ZDjYm8HIqxHlCTZAqstjsu0qi-I6iD6hMgcnHf_ARyMfMoV9-kqxAA==
quic-version: 0x00000001

GET
H3 200 Splayed_credit_cards_DF2305161%20WEB%20-%20Website%20refresh%20project%20images%201224x918px%20R02-Audi%20%282%29_1.webp
www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2023-07/ 9 KB
9 KB 377ms
375ms Image
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/styles/image_cta_desktop_1x/public/2023-07/Splayed_credit_cards_DF2305161%20WEB%20-%20Website%20refresh%20project%20images%201224x918px%20R02-Audi%20%282%29_1.webp?h=94a077d4&itok=WKQCQTiZ

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

6acd54f2994ad7633ebed65bf2bf2349922118b715731763482a6cb2f802bf18

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZvd0FBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZvd0FBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZvd0FBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZvd0FBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZvd0FBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZvd0FBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 9686
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 15 Sep 2024 01:53:03 GMT
etag: "25d6-6221eb77c5918"
x-frame-options: SAMEORIGIN
vary: Cookie
cache-control: max-age=31525117
accept-ranges: bytes
x-amz-cf-id: D_aARPCZPQLhqHwm5isaT1uLRQYp2-mcTan4dp8fcminvj3GpCHtMg==
expires: Mon, 15 Sep 2025 03:55:24 GMT

GET
H3 200 xTSB-card-control.png.webp,qitok=itPKiWa2.pagespeed.ic.lc-QTU6_g1.webp
www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/ 5 KB
5 KB 355ms
352ms Image
image/webp 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/xTSB-card-control.png.webp,qitok=itPKiWa2.pagespeed.ic.lc-QTU6_g1.webp

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

0c91d9180a4fbd8d7a81f954632dfcc5570720d01ff2be2f3cd3f899e1d65677

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 5320
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 5222
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Sep 2024 01:33:52 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31516870
link: <https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/TSB-card-control.png.webp?itok=itPKiWa2>; rel="canonical"
x-amz-cf-id: iJIyijS0qcSBxgbFtijkOsVRgc_jmtD1rCQG9ZzFFylDSDVF3Z2J3Q==
expires: Mon, 15 Sep 2025 01:37:57 GMT

GET
H3 200 xChubb-Insurance.png.webp,qitok=DPhNUIiZ.pagespeed.ic.r_d9XGaysi.webp
www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/ 55 KB
55 KB 521ms
519ms Image
image/webp 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/xChubb-Insurance.png.webp,qitok=DPhNUIiZ.pagespeed.ic.r_d9XGaysi.webp

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e79b999464b8a504fef7e85f011be9ccdbd7442d324d6d6af8dbba5bb590a0c6

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 56580
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 55848
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Sep 2024 02:26:44 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31484300
link: <https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/Chubb-Insurance.png.webp?itok=DPhNUIiZ>; rel="canonical"
x-amz-cf-id: TnvtraSfw-vq7nsL2QHSFV5UWqA3Ncb7Fts0JRTaCf6lYpsU7j52PQ==
expires: Sun, 14 Sep 2025 16:35:07 GMT

GET
H3 200 xTSB-stay-safe-from-cyber-crime.png.webp,qitok=8hofcVoQ.pagespeed.ic.enr7ONJ7IC.webp
www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/ 14 KB
14 KB 393ms
391ms Image
image/webp 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/xTSB-stay-safe-from-cyber-crime.png.webp,qitok=8hofcVoQ.pagespeed.ic.enr7ONJ7IC.webp

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

0c82a95daa5ef40bf810ade32aad3a375ed14df6966ea1bd65520d6a85029975

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 14844
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 14204
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 10 Sep 2024 02:26:44 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/webp
cache-control: max-age=31512108
link: <https://www.tsb.co.nz/sites/default/files/styles/webp/public/2024-08/TSB-stay-safe-from-cyber-crime.png.webp?itok=8hofcVoQ>; rel="canonical"
x-amz-cf-id: Aw12fHFklfDASGQ4xgZxSPZDe2CWPwVb3Mh_t32bx8_089LQSryV0w==
expires: Mon, 15 Sep 2025 00:18:35 GMT

GET
H3 200 44x44xlogo-fb.png.pagespeed.ic.Ionhj6-_zy.png
www.tsb.co.nz/sites/default/files/menu_icons/ 838 B
875 B 545ms
543ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-fb.png.pagespeed.ic.Ionhj6-_zy.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

9e056e574bfbca2ce3ec6cb73b68750db9bd29d91c3471add8b8db217f78a275

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 1967
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 838
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 09 Sep 2024 06:34:08 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31473151
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/logo-fb.png>; rel="canonical"
x-amz-cf-id: 59m2Bq35jkmV0pTy7q_wV4JaEQDfpCQq2m2Y9FdIkw4Rd-U2O0jWkA==
expires: Sun, 14 Sep 2025 13:29:18 GMT

GET
H3 200 44x44xlogo-ig.png.pagespeed.ic.keeuOmrj0q.png
www.tsb.co.nz/sites/default/files/menu_icons/ 1 KB
1 KB 392ms
390ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-ig.png.pagespeed.ic.keeuOmrj0q.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

79caa592cde5bfd0a417bf66926410d967a5334c9f0d1990671456e5bd4f5ce8

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 3284
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1172
referrer-policy: strict-origin-when-cross-origin
last-modified: Mon, 09 Sep 2024 00:56:46 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31462710
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/logo-ig.png>; rel="canonical"
x-amz-cf-id: aIUatUNlDN8E-kU-IpytOt2X_MJBT_pqQI9_HETP8Z3iwdQ0jAtpnQ==
expires: Sun, 14 Sep 2025 10:35:17 GMT

GET
H3 200 44x44xlogo-ln.png.pagespeed.ic.pn2yfO5xMn.png
www.tsb.co.nz/sites/default/files/menu_icons/ 911 B
939 B 364ms
362ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-ln.png.pagespeed.ic.pn2yfO5xMn.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

00e23df10377c1a86b7e881fd0e8e209b08c89a0fd3a9437d3e56d6087398f60

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 2135
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 911
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 08 Sep 2024 22:53:12 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31462678
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/logo-ln.png>; rel="canonical"
x-amz-cf-id: K9RsTh8wb3Kbf1Fr5Vnhw_C7Jb3CFL0L9aeXmM6vhrBHS3qzP-PynQ==
expires: Sun, 14 Sep 2025 10:34:45 GMT

GET
H3 200 44x44xlogo-yt.png.pagespeed.ic.jqV-2ZATyE.png
www.tsb.co.nz/sites/default/files/menu_icons/ 1017 B
1 KB 548ms
546ms Image
image/png 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/menu_icons/44x44xlogo-yt.png.pagespeed.ic.jqV-2ZATyE.png

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

5a33562cad9eb06c691cb48e26df44406a7eab40b986d508d0927d70d77dd0d2

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
date: Sun, 15 Sep 2024 06:56:47 GMT
x-content-type-options: nosniff
x-original-content-length: 2300
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1017
referrer-policy: strict-origin-when-cross-origin
last-modified: Sun, 08 Sep 2024 22:53:12 GMT
etag: W/"0"
vary: Cookie
x-frame-options: SAMEORIGIN
content-type: image/png
cache-control: max-age=31486141
link: <https://www.tsb.co.nz/sites/default/files/menu_icons/logo-yt.png>; rel="canonical"
x-amz-cf-id: 8Yrp0ih-W9f_2Au5eO3V7mSDBFsjKgVl__YDdr0MkQTbIaEA_VM1Og==
expires: Sun, 14 Sep 2025 17:05:48 GMT

GET
H2 200 custom-logo.png
shielded.co.nz/img/ 5 KB
6 KB 203ms
68ms Image
image/png 18.67.110.87
AMAZON-02

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://shielded.co.nz/img/custom-logo.png
Requested by: Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.110.87 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-110-87.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:28:00 GMT
via: 1.1 9ce11977697b826548974c991c092622.cloudfront.net (CloudFront)
last-modified: Sun, 18 Aug 2024 23:43:34 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 426527
etag: "2f18dfdc1b2bd0a11ee9f61d44043a91"
x-amz-server-side-encryption: AES256
x-cache: Hit from cloudfront
content-type: image/png
cache-control: max-age=604800, public
accept-ranges: bytes
content-length: 5432
x-amz-cf-id: FC37lZDrdacBBl_IWQGQaaxDubeZrNugYETDR3uULlA3xVpNA_jHrg==

GET
H2 200 embed.js Show response
staticcdn.co.nz/embed/ 2 KB
1 KB 203ms
66ms Script
application/javascript 18.67.110.70
AMAZON-02

General

Check archive.org

Show headers Download Go to

Full URL: https://staticcdn.co.nz/embed/embed.js
Requested by: Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 18.67.110.70 , United States, ASN16509 (AMAZON-02, US),
Reverse DNS: server-18-67-110-70.syd62.r.cloudfront.net
Software: AmazonS3 /
Resource Hash: 6a8996a4866b94877454218ae2202c8d1ac982a1a7d4870b07820d1b88fd576a

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Tue, 10 Sep 2024 08:28:00 GMT
content-encoding: br
via: 1.1 c7cd0041811f30bfd9c4a00e82b6a3c8.cloudfront.net (CloudFront)
x-amz-version-id: NaB52IBAvuJ49tFzlqzcmR789FA.blOC
last-modified: Sun, 18 Aug 2024 23:16:04 GMT
server: AmazonS3
x-amz-cf-pop: SYD62-P2
age: 426527
x-amz-server-side-encryption: AES256
etag: W/"a1c190aa2496322a03d0e1a782b5f5f5"
vary: accept-encoding
x-cache: Hit from cloudfront
content-type: application/javascript
cache-control: max-age=604800, public
x-amz-cf-id: YkDISaQB2ZHYHpTAXIcxKPcrvE6e4wEe34EkLjIF-oFfuDrVupx8IQ==

GET
H3 200 js_O5H1FEGhTszFqn8qgxi6dJLbg5wYmeAvKE2AS9eqZ64.js,qscope=footer,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhq... Show response
www.tsb.co.nz/sites/default/files/js/ 158 KB
42 KB 502ms
498ms Script
application/javascript 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/sites/default/files/js/js_O5H1FEGhTszFqn8qgxi6dJLbg5wYmeAvKE2AS9eqZ64.js,qscope=footer,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.yUwXvse6_K.js

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

1af1da6717bf645b3f5b8af41f16f7a149f0bf11e817492a2b3f711f50a6bef7

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-original-content-length: 161838
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 43166
referrer-policy: strict-origin-when-cross-origin
last-modified: Thu, 29 Aug 2024 01:50:52 GMT
etag: W/"0-gzip"
vary: Cookie,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31520114
x-amz-cf-id: a97C8HFfuNRbzptnzdwnCA-bycd-iOrwzXKk5mHKyv_3MaPDBTrilg==
expires: Mon, 15 Sep 2025 02:32:01 GMT

GET
H2 200 popper.min.js Show response
unpkg.com/@popperjs/core@2.11.8/dist/umd/ 20 KB
10 KB 114ms
43ms Script
application/javascript 2606:4700::6811:f7cb
CLOUDFLARENET

General

Check archive.org

Show headers Download Go to

Full URL

https://unpkg.com/@popperjs/core@2.11.8/dist/umd/popper.min.js

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2606:4700::6811:f7cb , United States, ASN13335 (CLOUDFLARENET, US),

Reverse DNS

Software

cloudflare /

Resource Hash

c212f4b505a86352aed62b24a8f16f999f821ecbe6456c7f3c8a04bc87968782

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains; preload
X-Content-Type-Options	nosniff

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 15 Sep 2024 06:56:46 GMT
content-encoding: br
via: 1.1 fly.io
cf-cache-status: HIT
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; includeSubDomains; preload
age: 11450296
last-modified: Fri, 26 May 2023 17:27:16 GMT
fly-request-id: 01HX4ZN5KAD01M4H9QPFJAKR7Z-syd
server: cloudflare
etag: "4e9a-hx1u8QcL02PqOQ4MjDhOR9zn84k"
vary: Accept-Encoding
content-type: application/javascript; charset=utf-8
access-control-allow-origin: *
cache-control: public, max-age=31536000
cf-ray: 8c36b80538791c5d-AKL

GET
H3 200 js_A7PiLUJY9f__2yDcQR6N8Z1OxRbelk2M465IoQkqJM8.js,qscope=footer,adelta=2,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhq... Show response
www.tsb.co.nz/sites/default/files/js/ 8 KB
2 KB 391ms
388ms Script
application/javascript 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/sites/default/files/js/js_A7PiLUJY9f__2yDcQR6N8Z1OxRbelk2M465IoQkqJM8.js,qscope=footer,adelta=2,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.jeb9tqdAtJ.js

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

4c0e86b58a95d6cc42324dc9f51d082538b49b3762b4b210accb9b190a58443b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: gzip
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-original-content-length: 8294
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 2457
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 28 Aug 2024 12:14:54 GMT
etag: W/"0-gzip"
vary: Cookie,Accept-Encoding
x-frame-options: SAMEORIGIN
content-type: application/javascript
cache-control: max-age=31512935
x-amz-cf-id: 48X66S-SS6t1NiGj5BUi5uSUf6d_IdTS87biSsckcy0tIMts9GKxbQ==
expires: Mon, 15 Sep 2025 00:32:22 GMT

GET
H2 200 gtm.js Show response
www.googletagmanager.com/ 365 KB
111 KB 677ms
278ms Script
application/javascript 2404:6800:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2008 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

14419be0b61d91116248f91d3a3518a26ade7d00a036846d98a3ea170fed9c00

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 113723
x-xss-protection: 0
last-modified: Sun, 15 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 15 Sep 2024 06:56:47 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 207ms
67ms Script
application/x-javascript 23.214.38.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js?aid=tsbco
Requested by: Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.214.38.209 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-214-38-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
DATA 200
OK truncated
/ 989 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: f228a13c7c9b5b87a7375616c3407201c58302d58280cc4333829506b9c16ba5

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
DATA 200
OK truncated
/ 580 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: b1da849f9ba52a0628eddab7ced3614feab840f94ef96ad7240fd34db334e39b

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 2e11868c8988e285301c.woff2
www.tsb.co.nz/themes/TSB/dist/ 18 KB
18 KB 373ms
372ms Font
application/font-woff2 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/themes/TSB/dist/2e11868c8988e285301c.woff2

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/css/A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,,qdelta==1,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM,Mcc.qgO1HN889X.css.pagespeed.cf.MS8_j7Drir.css

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVRcmVGb2Z6ZDRJb2ROM3p0OGlCd0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVRcmVGb2Z6ZDRJb2ROM3p0OGlCd0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVRcmVGb2Z6ZDRJb2ROM3p0OGlCd0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/sites/default/files/css/A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,,qdelta==1,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM,Mcc.qgO1HN889X.css.pagespeed.cf.MS8_j7Drir.css
Origin: https://www.tsb.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVRcmVGb2Z6ZDRJb2ROM3p0OGlCd0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVRcmVGb2Z6ZDRJb2ROM3p0OGlCd0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVRcmVGb2Z6ZDRJb2ROM3p0OGlCd0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 18664
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 28 Aug 2024 10:35:05 GMT
etag: "48e8-620bbe952e0b3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Cookie
content-type: application/font-woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: PZFpq8lWw3IaFs6BCqzXOQHAoLh__Hq-xXh7daSCdl0_PWZDajLVOg==
expires: Mon, 15 Sep 2025 06:56:47 GMT

GET
DATA 200
OK truncated
/ 504 B
0 Image
image/svg+xml

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: ba2e65e6de11b597587bdb304a49174e41a23ccd9bf20e7dec7fca7d07ffb439

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/svg+xml

GET
H3 200 18b322a60320289ab2b8.woff2
www.tsb.co.nz/themes/TSB/dist/ 18 KB
18 KB 389ms
388ms Font
application/font-woff2 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/themes/TSB/dist/18b322a60320289ab2b8.woff2

Requested by

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

752ac7b6a1d83373e07af1ee17b3a0e4a304e9b9304b55e49d93c7ab6a1c394e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVQTTlUenlzVHoxRDhJU0xOaUlJZ0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVQTTlUenlzVHoxRDhJU0xOaUlJZ0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVQTTlUenlzVHoxRDhJU0xOaUlJZ0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/sites/default/files/css/A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,,qdelta==1,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM,Mcc.qgO1HN889X.css.pagespeed.cf.MS8_j7Drir.css
Origin: https://www.tsb.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVQTTlUenlzVHoxRDhJU0xOaUlJZ0FBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVQTTlUenlzVHoxRDhJU0xOaUlJZ0FBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVQTTlUenlzVHoxRDhJU0xOaUlJZ0FBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 18628
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 28 Aug 2024 10:35:05 GMT
etag: "48c4-620bbe952e0b3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Cookie
content-type: application/font-woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: E9gNl8LkBo7Pst-SuCbOz-AykISAgUHR1FyjNkWlR92Kw_1WSQsWmQ==
expires: Sun, 14 Sep 2025 12:06:42 GMT

GET
H3 200 33c6485cbb8a07c48900.woff2
www.tsb.co.nz/themes/TSB/dist/ 18 KB
18 KB 419ms
418ms Font
application/font-woff2 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/themes/TSB/dist/33c6485cbb8a07c48900.woff2

Requested by

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

af5a9628858b383c6257068c476c25b5a8a6421b686a349a828c47f526e7f877

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVSaGJ1eDJqaUJ1RFNtU0lFR19FUUFBQUFz'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVSaGJ1eDJqaUJ1RFNtU0lFR19FUUFBQUFz'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVSaGJ1eDJqaUJ1RFNtU0lFR19FUUFBQUFz'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/sites/default/files/css/A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,,qdelta==1,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM,Mcc.qgO1HN889X.css.pagespeed.cf.MS8_j7Drir.css
Origin: https://www.tsb.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVSaGJ1eDJqaUJ1RFNtU0lFR19FUUFBQUFz'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVSaGJ1eDJqaUJ1RFNtU0lFR19FUUFBQUFz'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVSaGJ1eDJqaUJ1RFNtU0lFR19FUUFBQUFz'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 18628
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 28 Aug 2024 10:35:05 GMT
etag: "48c4-620bbe952e0b3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Cookie
content-type: application/font-woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: i7w3tUWQoAoxHy_O6WQ5U0VPD91ctb8GrTvdk5ONRWTsfxYcgQ7xQA==
expires: Sun, 14 Sep 2025 21:52:15 GMT

GET
H3 200 50c16efb37ef13080c94.woff2
www.tsb.co.nz/themes/TSB/dist/ 18 KB
18 KB 439ms
439ms Font
application/font-woff2 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/themes/TSB/dist/50c16efb37ef13080c94.woff2

Requested by

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVQTTlkUi1WMWJKcmFrbF9QRUFOUUFBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVQTTlkUi1WMWJKcmFrbF9QRUFOUUFBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVQTTlkUi1WMWJKcmFrbF9QRUFOUUFBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/sites/default/files/css/A.css_sMsR2RcmDsLB9okt2MV6kb3pePXV2JfAzhcEzWhebi8.css,,qdelta==0,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM+css_BygZZ239nmdlXBeZ0B7rT5Vr0ipuCIlTOCmEr_qvfok.css,,qdelta==1,,alanguage==en,,atheme==TSB,,ainclude==eJxFjMEJwzAMABdyox2yQvsPciwcgSIZSaak0xdKIa877nFxRdIJFYPK67ne0sUqyiPyEtZednMCNT9R-ENloGN3HEdA8zlQlrssU8eswnFQK2kmyQP-_K3VGpXgpDc32lDIE1g5v4tHNYM,Mcc.qgO1HN889X.css.pagespeed.cf.MS8_j7Drir.css
Origin: https://www.tsb.co.nz
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVQTTlkUi1WMWJKcmFrbF9QRUFOUUFBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVQTTlkUi1WMWJKcmFrbF9QRUFOUUFBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVQTTlkUi1WMWJKcmFrbF9QRUFOUUFBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 18232
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 28 Aug 2024 10:35:05 GMT
etag: "4738-620bbe952e0b3"
x-frame-options: SAMEORIGIN
vary: Accept-Encoding,Cookie
content-type: application/font-woff2
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: 6C0w6b0Ke4ADRg36HJ_Adcj0HpaDhcDUZRnWVJrjLbnwtziAtQMBaQ==
expires: Sun, 14 Sep 2025 13:52:01 GMT

GET
H3 200 icon-whats_new_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 869 B
907 B 491ms
491ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/icon-whats_new_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

86e6459d734e4861ef736467ab64fc8b433923d940fd39271fd923ae2c34f9b0

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZwUUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZwUUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZwUUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZwUUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZwUUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaYWgxRUIzNjhzMDdaVzFsUFZwUUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 869
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:25 GMT
etag: "365-6090055dea6e8"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: GBRun9LgsAY8zdtSH5OIeez_yCj1vspql8KchaaVfl2whkVQTnRV2w==
expires: Mon, 15 Sep 2025 03:54:47 GMT

GET
H3 200 icon-products_services_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 3 KB
1 KB 492ms
490ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/icon-products_services_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

414277d359e2c453607104f2495ac2af09fa15c2ccaf2e485d3933e5727f348d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVaWTNrbDJYaUR3dHJJOXNFQUg4Z0FBQUE0'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaWTNrbDJYaUR3dHJJOXNFQUg4Z0FBQUE0'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaWTNrbDJYaUR3dHJJOXNFQUg4Z0FBQUE0'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVaWTNrbDJYaUR3dHJJOXNFQUg4Z0FBQUE0'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaWTNrbDJYaUR3dHJJOXNFQUg4Z0FBQUE0'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaWTNrbDJYaUR3dHJJOXNFQUg4Z0FBQUE0'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: gzip
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1086
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:29 GMT
etag: W/"aa1-6090056170498"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: RkISGSrjXnHFZbq-Wou5rbVWPBN0_h-WAoQYuP3Akgxk9htA_zxm2g==
expires: Mon, 15 Sep 2025 03:47:42 GMT

GET
H3 200 icon-rates_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 3 KB
1 KB 492ms
491ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/icon-rates_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e2fed2719e47f4428f31b5f6d8584ed8b6848f9b3586644e070749341806344e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVZLW56MFhzaWZCaGsxX3FzNHQzZ0FBQUJF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVZLW56MFhzaWZCaGsxX3FzNHQzZ0FBQUJF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVZLW56MFhzaWZCaGsxX3FzNHQzZ0FBQUJF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVZLW56MFhzaWZCaGsxX3FzNHQzZ0FBQUJF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVZLW56MFhzaWZCaGsxX3FzNHQzZ0FBQUJF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVZLW56MFhzaWZCaGsxX3FzNHQzZ0FBQUJF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: gzip
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1355
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:30 GMT
etag: W/"d11-60900562fc488"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: PeNDgFLOigwEDVD2kMu2CXwK81aZxo5Kq4hdZyXLa2QvXcJ1qfrRIA==
expires: Mon, 15 Sep 2025 01:55:43 GMT

GET
H3 200 icon-apply_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 3 KB
1 KB 492ms
491ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/icon-apply_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e5c2dd00df7892f31ac96aa60a9b2b2b28f90400fb38ffea648f1c9ba73769bc

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVaSE9NWTVVUTlfekNhTU1yRFRJZ0FBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaSE9NWTVVUTlfekNhTU1yRFRJZ0FBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaSE9NWTVVUTlfekNhTU1yRFRJZ0FBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVaSE9NWTVVUTlfekNhTU1yRFRJZ0FBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaSE9NWTVVUTlfekNhTU1yRFRJZ0FBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaSE9NWTVVUTlfekNhTU1yRFRJZ0FBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: gzip
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1213
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:32 GMT
etag: W/"aa0-609005643b218"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: X1yqh5kz8YKPJWaW_W2Bjxoyy7fPc_9sKfFDogXNOr7B7BwuSIwlxw==
expires: Mon, 15 Sep 2025 02:32:24 GMT

GET
H3 200 icon-calculators_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 4 KB
1 KB 493ms
492ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/icon-calculators_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

bedfc97fc67ea23fe97336f8c0032203f1b08f889e0ee6bb3d8a2ff3da4f8baa

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVaM3FpRkFzdlRWa2V5RkpiOXU0d0FBQUFB'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaM3FpRkFzdlRWa2V5RkpiOXU0d0FBQUFB'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaM3FpRkFzdlRWa2V5RkpiOXU0d0FBQUFB'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVaM3FpRkFzdlRWa2V5RkpiOXU0d0FBQUFB'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaM3FpRkFzdlRWa2V5RkpiOXU0d0FBQUFB'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaM3FpRkFzdlRWa2V5RkpiOXU0d0FBQUFB'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: gzip
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1162
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:33 GMT
etag: W/"ef3-609005650a680"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: Dzsx1xJk5gsOzQnhC_nexykZJsLqKrOfk1AHx_t1Le2xvk3g5lu1Bg==
expires: Mon, 15 Sep 2025 05:59:06 GMT

GET
H3 200 icon-help_support_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 4 KB
2 KB 498ms
497ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/icon-help_support_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

b8666c40390e333bbbef6b67ce910ed6fc73c7b7c4476f48b3be06fbe2198a2d

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVXdnc5OE1sVkloUUo3bWN6c0E5d0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVXdnc5OE1sVkloUUo3bWN6c0E5d0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVXdnc5OE1sVkloUUo3bWN6c0E5d0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVXdnc5OE1sVkloUUo3bWN6c0E5d0FBQUFn'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVXdnc5OE1sVkloUUo3bWN6c0E5d0FBQUFn'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVXdnc5OE1sVkloUUo3bWN6c0E5d0FBQUFn'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: gzip
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 2179
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:33 GMT
etag: W/"11ae-60900565895c0"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
x-amz-cf-id: ltvk_FtKcOp0bDiaVbZvFVOggnARxiepaUqmOkpMTwIBZexNl67C2w==
expires: Sun, 14 Sep 2025 15:46:11 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/ 1 KB
1 KB 206ms
206ms Script
application/x-javascript 23.214.38.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/munchkin.js
Requested by: Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/js/js_O5H1FEGhTszFqn8qgxi6dJLbg5wYmeAvKE2AS9eqZ64.js,qscope=footer,adelta=0,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.yUwXvse6_K.js
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.214.38.209 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-214-38-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 17 Mar 2023 01:24:48 GMT
Server: AkamaiNetStorage
ETag: "cb731cc5c2bd9f31d6bfeb19f3c8b1ff:1679016288.730763"
Vary: Accept-Encoding
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR", policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Content-Type: application/x-javascript
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 729

GET
H3 200 load Show response
www.tsb.co.nz/sitewide_alert/ 4 KB
1 KB 143ms
143ms Fetch
application/json 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/sitewide_alert/load

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/sites/default/files/js/js_A7PiLUJY9f__2yDcQR6N8Z1OxRbelk2M465IoQkqJM8.js,qscope=footer,adelta=2,alanguage=en,atheme=TSB,ainclude=eJyNi0EOwjAQAz8Umj_wBbhHabKA6TYbEreov0eIXrj1ZMszvl7O_q42Rj311FDZHfsY5tgmofl5KekxofyNWaraFhqrSwop7MgS1qjIkbASnq9F2ubTOvzasDM56qdJMmjtqI-bOJopUf2eroPy_h6jSqNHAT-BE14J.pagespeed.ce.jeb9tqdAtJ.js

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

025a3c0009a8ffe8d3c9e138232858bb08004439c5fccddd47a9277f4864bc90

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRktobzFZVUkxakVPS053OXM2QUFBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRktobzFZVUkxakVPS053OXM2QUFBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRktobzFZVUkxakVPS053OXM2QUFBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

strict-transport-security: max-age=63072000; includeSubDomains; preload
content-encoding: br
x-content-type-options: nosniff
content-security-policy: default-src 'self' 'nonce-WnVhRktobzFZVUkxakVPS053OXM2QUFBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRktobzFZVUkxakVPS053OXM2QUFBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRktobzFZVUkxakVPS053OXM2QUFBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 1144
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: application/json
content-language: en
cache-control: max-age=15, public, s-maxage=15
x-amz-cf-id: fAU8C6Nog1vd0SV654dBqa37R0jaJ33BCMhKEEqVs0M90JdPFZ2JwA==
quic-version: 0x00000001

GET
H3 200 active_icon-whats_new_05102023.svg
www.tsb.co.nz/sites/default/files/svg_images/ 883 B
923 B 84ms
83ms Image
image/svg+xml 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.tsb.co.nz/sites/default/files/svg_images/active_icon-whats_new_05102023.svg

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

09d3c01af7d1b64385f5aea38b33807177f382f8dc3ce411548e1beb6523263e

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVXUVFjUDBOYXpfT1IyZzhpV01yZ0FBQUJJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVXUVFjUDBOYXpfT1IyZzhpV01yZ0FBQUJJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVXUVFjUDBOYXpfT1IyZzhpV01yZ0FBQUJJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVXUVFjUDBOYXpfT1IyZzhpV01yZ0FBQUJJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVXUVFjUDBOYXpfT1IyZzhpV01yZ0FBQUJJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVXUVFjUDBOYXpfT1IyZzhpV01yZ0FBQUJJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:47 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 883
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Tue, 31 Oct 2023 10:08:25 GMT
etag: "373-6090055dff6d8"
x-frame-options: SAMEORIGIN
vary: Cookie,Accept-Encoding
content-type: image/svg+xml
cache-control: max-age=31536000
accept-ranges: bytes
x-amz-cf-id: RsPI1WrAJ7jzuvNpdNRegOX8-XPOa7Pu89ukfgPXP8rnjkdgpcCYnQ==
expires: Sun, 14 Sep 2025 13:31:45 GMT

GET
H/1.1 200
OK munchkin.js Show response
munchkin.marketo.net/163/ 11 KB
5 KB 67ms
66ms Script
application/x-javascript 23.214.38.209
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://munchkin.marketo.net/163/munchkin.js
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/munchkin.js?aid=tsbco
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 23.214.38.209 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a23-214-38-209.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:47 GMT
Content-Encoding: gzip
Last-Modified: Fri, 06 Jan 2023 02:26:40 GMT
Server: AkamaiNetStorage
ETag: "ea7826f34518d7c2295738f39c7640fa:1672972000.238769"
Vary: Accept-Encoding
Content-Type: application/x-javascript
P3P: policyref="http://www.marketo.com/w3c/p3p.xml", CP="NOI DSP COR NID CURi OUR NOR"
Cache-Control: max-age=8640000
Connection: keep-alive
Accept-Ranges: bytes
Content-Length: 4741
Expires: Tue, 24 Dec 2024 06:56:47 GMT

POST
H/1.1 200
OK visitWebPage
454-ize-737.mktoresp.com/webevents/ 2 B
487 B 253ms
65ms Ping
text/plain 103.237.104.82
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL: https://454-ize-737.mktoresp.com/webevents/visitWebPage?_mchNc=1726383407662&_mchCn=&_mchId=454-IZE-737&_mchTk=_mch-tsb.co.nz-1726383407662-16435&_mchHo=www.tsb.co.nz&_mchPo=&_mchRu=%2F&_mchPc=https%3A&_mchVr=163&_mchEcid=&_mchHa=&_mchRe=&_mchQp=
Requested by: Host: munchkin.marketo.net
URL: https://munchkin.marketo.net/163/munchkin.js
Protocol: HTTP/1.1
Security: TLS 1.2, ECDHE_RSA, AES_128_GCM
Server: 103.237.104.82 , United States, ASN53580 (MARKETO, US),
Reverse DNS
Software: nginx/1.20.1 /
Resource Hash: 565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:47 GMT
Content-Encoding: gzip
Server: nginx/1.20.1
Transfer-Encoding: chunked
Content-Type: text/plain; charset=UTF-8
Access-Control-Allow-Origin: *
Connection: keep-alive
X-Request-Id: cc42d485-ae91-4e5e-b5c1-0f7e03c43ddd

GET
H2 200 js Show response
www.googletagmanager.com/gtag/ 354 KB
108 KB 276ms
275ms Script
application/javascript 2404:6800:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/js?id=G-VRLX9EH3CJ&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2008 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

e2429bf9cf0854722b6fc7f3f271c01327ea542deaa5af9d2842cb5c8245c194

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 15 Sep 2024 06:56:48 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
access-control-allow-headers: Cache-Control
content-length: 109990
x-xss-protection: 0
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
expires: Sun, 15 Sep 2024 06:56:48 GMT

GET
H2 200 destination Show response
www.googletagmanager.com/gtag/ 215 KB
77 KB 261ms
260ms Script
application/javascript 2404:6800:4006:80a::2008
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://www.googletagmanager.com/gtag/destination?id=DC-4214544&l=dataLayer&cx=c

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2404:6800:4006:80a::2008 Sydney, Australia, ASN15169 (GOOGLE, US),

Reverse DNS

Software

Google Tag Manager /

Resource Hash

5d0afd1aaec987be4abcb64c2c50f36969ba0248b8c9a9c8f6b091c6704c782d

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 15 Sep 2024 06:56:47 GMT
content-encoding: br
strict-transport-security: max-age=31536000; includeSubDomains
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 78890
x-xss-protection: 0
last-modified: Sun, 15 Sep 2024 06:00:00 GMT
server: Google Tag Manager
vary: Accept-Encoding
content-type: application/javascript; charset=UTF-8
access-control-allow-origin: *
cache-control: private, max-age=900
access-control-allow-credentials: true
access-control-allow-headers: Cache-Control
expires: Sun, 15 Sep 2024 06:56:47 GMT

POST
H3 204 csp-report
www.tsb.co.nz/ 0
28 B 174ms
173ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRkx5bUxVb2ptRS15ektyLVRuUUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRkx5bUxVb2ptRS15ektyLVRuUUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRkx5bUxVb2ptRS15ektyLVRuUUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRkx5bUxVb2ptRS15ektyLVRuUUFBQUFZ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRkx5bUxVb2ptRS15ektyLVRuUUFBQUFZ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRkx5bUxVb2ptRS15ektyLVRuUUFBQUFZ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: kWnLc_Ak7QvixN7wyEQENJsdiwkk6g1c0XOA6ICvj3UBJ7fDUEZ2hQ==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
H2 200 g99432jddf Show response
www.clarity.ms/tag/ 688 B
1 KB 330ms
216ms Script
application/x-javascript 2620:1ec:bdf::31
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/tag/g99432jddf?ref=gtm2
Requested by: Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: b8992e4434d384c07c613af5741baca4d6f676c3c1cc3a5fb7261971da9a888a

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

request-context: appId=cid-v1:67bc0b23-8423-4b52-b1ca-6a87709ceaa2
date: Sun, 15 Sep 2024 06:56:48 GMT
x-azure-ref: 20240915T065648Z-1596549d49b7kpgp793qp0q6gc0000000550000000005c8y
x-cache: CONFIG_NOCACHE
content-type: application/x-javascript
cache-control: no-cache, no-store
accept-ranges: bytes
content-length: 688
expires: -1

GET
H/1.1 200
OK rtp.js Show response
snrtp-cdn.marketo.com/rtp-api/v1/ 152 KB
42 KB 214ms
75ms Script
application/x-javascript 184.24.248.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

HTTP/1.1

Security

TLS 1.3, , AES_256_GCM

Server

184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),

Reverse DNS

a184-24-248-178.deploy.static.akamaitechnologies.com

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3e3dee05a65cbc73efd4dde6ab68ddfcf623cef6d983adadfbab83ef86a571a

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Strict-Transport-Security: max-age=63113904
Content-Encoding: gzip
Date: Sun, 15 Sep 2024 06:56:48 GMT
Last-Modified: Fri, 06 Sep 2024 16:18:36 GMT
Server: Jetty(9.4.45.v20220203)
Vary: Accept-Encoding
Content-Type: application/x-javascript; charset=UTF-8
Cache-Control: public, max-age=123
Connection: keep-alive
Content-Length: 42641

GET
H3 200 fbevents.js Show response
connect.facebook.net/en_US/ 225 KB
58 KB 138ms
66ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/en_US/fbevents.js

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 15 Sep 2024 06:56:48 GMT
document-policy: force-load-at-top
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 58953
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=23, mss=1232, tbw=4416, tp=9, tpl=0, uplat=1, ullat=-1
pragma: public
x-fb-debug: WagaNDPebkDFA00W9uFtMWznefmgrKlhCuIe/tZ/ehYtzZnxg93NKeqq7YPPcuyXj/IJbpTE9s5iiwr68Rz5Kg==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 embed.js Show response
nebula-cdn.kampyle.com/wau/210973/onsite/ 1 KB
970 B 101ms
32ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nebula-cdn.kampyle.com/wau/210973/onsite/embed.js

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.175 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

8b9a81cdb6691427b5b3eda44631051eac0ffa17fe9c668a935ea5ad8613c137

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: YqLBGwxGG.YHW_s86PguKE.OD7tX63EY
content-encoding: gzip
via: 1.1 varnish
date: Sun, 15 Sep 2024 06:56:48 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: M7455RFJA6644M6K
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 520
x-amz-id-2: cPsoGwOBfBvJgMLiJ5K8AplLUfObVT9e5QW8VelnMizGEzggW94Ie+3xnP5+9WUmkGM4zVFEdLk=
x-served-by: cache-akl10326-AKL
last-modified: Thu, 12 Sep 2024 22:39:48 GMT
server: AmazonS3
x-timer: S1726383408.011359,VS0,VE0
etag: "db9b64da8cb20d4fa3dc88c91dfb38b8"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=0,must-revalidate
accept-ranges: bytes
x-cache-hits: 1236

GET
H3 200 344603409212329 Show response
connect.facebook.net/signals/config/ 65 KB
14 KB 66ms
66ms Script
application/x-javascript 157.240.8.23
FACEBOOK

General

Check archive.org

Show headers Download Go to

Full URL

https://connect.facebook.net/signals/config/344603409212329?v=2.9.167&r=stable&domain=www.tsb.co.nz&hme=da9a399065fb1c492026018b9e54864148adfb49d800f41752428fb7b59190f8&ex_m=69%2C118%2C104%2C108%2C60%2C4%2C97%2C68%2C16%2C94%2C86%2C50%2C53%2C168%2C171%2C183%2C179%2C180%2C182%2C29%2C98%2C52%2C75%2C181%2C163%2C166%2C176%2C177%2C184%2C127%2C40%2C34%2C139%2C15%2C49%2C190%2C189%2C129%2C18%2C39%2C1%2C42%2C64%2C65%2C66%2C70%2C90%2C17%2C14%2C93%2C89%2C88%2C105%2C51%2C107%2C38%2C106%2C30%2C91%2C26%2C164%2C167%2C136%2C28%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C56%2C61%2C63%2C73%2C99%2C27%2C74%2C9%2C8%2C78%2C47%2C21%2C101%2C100%2C102%2C95%2C10%2C20%2C3%2C19%2C83%2C55%2C81%2C33%2C72%2C0%2C92%2C32%2C80%2C85%2C46%2C45%2C84%2C37%2C5%2C87%2C79%2C43%2C35%2C82%2C2%2C36%2C62%2C41%2C103%2C44%2C77%2C67%2C109%2C59%2C58%2C31%2C96%2C57%2C54%2C48%2C76%2C71%2C24%2C110

Requested by

Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js

Protocol

Security

QUIC, , AES_128_GCM

Server

157.240.8.23 Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

xx-fbcdn-shv-01-syd2.fbcdn.net

Software

Resource Hash

0162ef9fc226831fc4801f4200807e778fc20a40cfa7651de72257353c7138eb

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' data: blob: ;script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://.google-analytics.com .google.com;style-src data: blob: 'unsafe-inline' ;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com: wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' https://.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
Strict-Transport-Security	max-age=31536000; preload; includeSubDomains
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src 'self' data: blob: *;script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' https://*.google-analytics.com *.google.com;style-src data: blob: 'unsafe-inline' *;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' https://*.google-analytics.com;img-src 'self' data: blob: * https://*.google-analytics.com;block-all-mixed-content;upgrade-insecure-requests;require-trusted-types-for 'script';
content-encoding: gzip
x-content-type-options: nosniff
strict-transport-security: max-age=31536000; preload; includeSubDomains
date: Sun, 15 Sep 2024 06:56:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 26
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 14124
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: GOOD; q=0.7, rtt=63, rtx=0, c=74, mss=1232, tbw=67024, tp=62, tpl=0, uplat=0, ullat=-1
pragma: public
x-fb-debug: T4B2A7E8utaKMAMSEbS94F9ypFJ+dMnlaCc9znx+6GSaCmFchUXjHOTLqxU0Y32LW3hy7G01sOb4nY+h8Ef34Q==
cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: application/x-javascript; charset=utf-8
x-frame-options: DENY
cache-control: public, max-age=1200
permissions-policy: accelerometer=(), attribution-reporting=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(), clipboard-write=(), compute-pressure=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), private-state-token-issuance=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
timing-allow-origin: *
priority: u=3,i
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H2 200 /
www.facebook.com/tr/ 0
275 B 550ms
181ms Image
text/plain 2a03:2880:f119:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/tr/?id=344603409212329&ev=PageView&dl=https%3A%2F%2Fwww.tsb.co.nz&rl=&if=false&ts=1726383408228&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4124&fbp=fb.2.1726383408226.857793711460583246&pm=1&hrl=d27df4&ler=empty&cdl=API_unavailable&it=1726383408142&coo=false&cs_cc=1&cas=7623493194367735%2C2088552654520035%2C1901459769885203&rqm=GET

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f119:8083:face:b00c:0:25de Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

proxygen-bolt /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=31536000; includeSubDomains

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-fb-connection-quality: MODERATE; q=0.3, rtt=179, rtx=0, c=10, mss=1368, tbw=2776, tp=-1, tpl=-1, uplat=0, ullat=0
strict-transport-security: max-age=31536000; includeSubDomains
date: Sun, 15 Sep 2024 06:56:48 GMT
server: proxygen-bolt
content-type: text/plain
access-control-allow-origin
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
content-length: 0

GET
H2 200 /
www.facebook.com/privacy_sandbox/pixel/register/trigger/ 67 B
3 KB 804ms
435ms Image
image/png 2a03:2880:f119:8083:face:b00c:0:25de
FACEBOOK

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.facebook.com/privacy_sandbox/pixel/register/trigger/?id=344603409212329&ev=PageView&dl=https%3A%2F%2Fwww.tsb.co.nz&rl=&if=false&ts=1726383408228&sw=1600&sh=1200&v=2.9.167&r=stable&ec=0&o=4124&fbp=fb.2.1726383408226.857793711460583246&pm=1&hrl=d27df4&ler=empty&cdl=API_unavailable&it=1726383408142&coo=false&cs_cc=1&cas=7623493194367735%2C2088552654520035%2C1901459769885203&rqm=FGET

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

2a03:2880:f119:8083:face:b00c:0:25de Sydney, Australia, ASN32934 (FACEBOOK, US),

Reverse DNS

Software

Resource Hash

aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a

Security Headers

Name	Value
Content-Security-Policy	default-src data: blob: 'self' https://.fbsbx.com 'unsafe-inline' .facebook.com .fbcdn.net 'unsafe-eval';script-src .facebook.com .fbcdn.net .facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://.google-analytics.com .google.com;style-src .fbcdn.net data: .facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src .facebook.com facebook.com .fbcdn.net .facebook.net wss://.facebook.com:* wss://.whatsapp.com: wss://.fbcdn.net attachment.fbsbx.com ws://localhost: blob: .cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net .fbsbx.com .fb.com https://.google-analytics.com;font-src data: .facebook.com .fbcdn.net .fbsbx.com https://fonts.gstatic.com;img-src .fbcdn.net .facebook.com data: https://.fbsbx.com facebook.com .cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net .carriersignal.info blob: android-webview-video-poster: .whatsapp.net .fb.com .oculuscdn.com .tenor.co .tenor.com .giphy.com https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://.google-analytics.com;media-src .cdninstagram.com blob: .fbcdn.net .fbsbx.com www.facebook.com .facebook.com data: .tenor.co .tenor.com https://.giphy.com;frame-src .facebook.com .fbsbx.com fbsbx.com data: www.instagram.com .fbcdn.net https://paywithmybank.com/ https://.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net .google.com .doubleclick.net;worker-src blob: .facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
Strict-Transport-Security	max-age=15552000; preload
X-Content-Type-Options	nosniff
X-Frame-Options	DENY
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

content-security-policy: default-src data: blob: 'self' https://*.fbsbx.com 'unsafe-inline' *.facebook.com *.fbcdn.net 'unsafe-eval';script-src *.facebook.com *.fbcdn.net *.facebook.net 127.0.0.1:* 'unsafe-inline' blob: data: 'self' connect.facebook.net 'unsafe-eval' https://*.google-analytics.com *.google.com;style-src *.fbcdn.net data: *.facebook.com 'unsafe-inline' https://fonts.googleapis.com;connect-src *.facebook.com facebook.com *.fbcdn.net *.facebook.net wss://*.facebook.com:* wss://*.whatsapp.com:* wss://*.fbcdn.net attachment.fbsbx.com ws://localhost:* blob: *.cdninstagram.com 'self' http://localhost:3103 wss://gateway.facebook.com wss://edge-chat.facebook.com wss://snaptu-d.facebook.com wss://kaios-d.facebook.com/ v.whatsapp.net *.fbsbx.com *.fb.com https://*.google-analytics.com;font-src data: *.facebook.com *.fbcdn.net *.fbsbx.com https://fonts.gstatic.com;img-src *.fbcdn.net *.facebook.com data: https://*.fbsbx.com facebook.com *.cdninstagram.com fbsbx.com fbcdn.net connect.facebook.net *.carriersignal.info blob: android-webview-video-poster: *.whatsapp.net *.fb.com *.oculuscdn.com *.tenor.co *.tenor.com *.giphy.com https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://*.google-analytics.com;media-src *.cdninstagram.com blob: *.fbcdn.net *.fbsbx.com www.facebook.com *.facebook.com data: *.tenor.co *.tenor.com https://*.giphy.com;frame-src *.facebook.com *.fbsbx.com fbsbx.com data: www.instagram.com *.fbcdn.net https://paywithmybank.com/ https://*.paywithmybank.com/ https://www.googleadservices.com https://googleads.g.doubleclick.net https://www.google.com https://td.doubleclick.net *.google.com *.doubleclick.net;worker-src blob: *.facebook.com data:;block-all-mixed-content;upgrade-insecure-requests;
content-encoding: zstd
x-content-type-options: nosniff
strict-transport-security: max-age=15552000; preload
date: Sun, 15 Sep 2024 06:56:48 GMT
document-policy: force-load-at-top
x-fb-server-load: 24
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=86400
x-xss-protection: 0
reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", default="https://www.facebook.com/ajax/browser_error_reports/?device_level=unknown&brsid=7414760279182383677", permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
x-fb-connection-quality: MODERATE; q=0.3, rtt=185, rtx=0, c=10, mss=1368, tbw=3095, tp=-1, tpl=-1, uplat=253, ullat=0
pragma: no-cache
x-fb-debug: R+SMYF6sAj9QYc9Du0jO+R/ossKESsCqV3b0xJcqjMXmGV6koEjVT28da2112ekWi4g6TUyXDFA47AN6JoEbEA==
cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"
vary: Accept-Encoding
report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/?device_level=unknown&brsid=7414760279182383677"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
content-type: image/png
x-frame-options: DENY
origin-agent-cluster: ?0
cache-control: private, no-store, no-cache, must-revalidate
permissions-policy: accelerometer=(), attribution-reporting=(self), autoplay=(), bluetooth=(), browsing-topics=(self), camera=(self), ch-device-memory=(), ch-downlink=(), ch-dpr=(), ch-ect=(), ch-rtt=(), ch-save-data=(), ch-ua-arch=(), ch-ua-bitness=(), ch-viewport-height=(), ch-viewport-width=(), ch-width=(), clipboard-read=(self), clipboard-write=(self), compute-pressure=(), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(self), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), private-state-token-issuance=(), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), shared-storage=(), shared-storage-select-url=(), private-state-token-redemption=(), usb=(), unload=(self), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
expires: Sat, 01 Jan 2000 00:00:00 GMT

GET
H/1.1 200
OK jquery.min.js Show response
rtp-static.marketo.com/rtp/libs/jquery/3.7.0/ 85 KB
30 KB 216ms
80ms Script
application/x-javascript 184.24.248.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery/3.7.0/jquery.min.js
Requested by: Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-248-178.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Content-Encoding: gzip
Last-Modified: Fri, 02 Jun 2023 14:58:35 GMT
Server: AkamaiNetStorage
ETag: "e6c2415c0ace414e5153670314ce99a9:1685718127.441272"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 30386

GET
H/1.1 200
OK jquery-ui-insightera-custom-1.9.6.css
rtp-static.marketo.com/rtp/libs/ 23 KB
4 KB 203ms
68ms Stylesheet
text/css 184.24.248.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jquery-ui-insightera-custom-1.9.6.css
Requested by: Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-248-178.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: 143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Content-Encoding: gzip
Last-Modified: Wed, 15 May 2024 05:08:51 GMT
Server: AkamaiNetStorage
ETag: "c89c0f4cc3c0f0f2bd846508a3cd504c:1715749730.923559"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: text/css
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 3762

GET
H/1.1 200
OK trw Show response
snrtp1.marketo.com/gw1/ 0
466 B 255ms
67ms Script
application/x-javascript 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/trw?aid=tsbco&trwv.uid=tsbco-1726383408236-8799b57f&trwv.vc=1&trwsa.sid=tsbco-1726383408237-3cac0a41&trwsb.cpv=1&ctzo=+12:00&uri=https%3A%2F%2Fwww.tsb.co.nz%2F&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1726383407662-16435&pm=2273,2274,2275,2276,2277,2278&viewedTypes=&rts=1726383408238

Requested by

Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: application/x-javascript;charset=utf-8

GET
H/1.1 200
OK trw Show response
snrtp1.marketo.com/gw1/ 0
466 B 251ms
64ms Script
application/x-javascript 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/trw?aid=tsbco&trwv.uid=tsbco-1726383408236-8799b57f&trwv.vc=1&trwsa.sid=tsbco-1726383408237-3cac0a41&trwsb.cpv=2&ctzo=+12:00&uri=https%3A%2F%2Fwww.tsb.co.nz%2F&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1726383407662-16435&pm=2273,2274,2275,2276,2277,2278&viewedTypes=&rts=1726383408239

Requested by

Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: application/x-javascript;charset=utf-8

GET
H/1.1 200
OK ga-integration-2.0.5.js Show response
rtp-static.marketo.com/rtp/libs/ 18 KB
6 KB 209ms
77ms Script
application/x-javascript 184.24.248.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js
Requested by: Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-248-178.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 15 Jun 2023 08:00:53 GMT
Server: AkamaiNetStorage
ETag: "18a7b0f60655900c0010a35d07b9da0f:1686816053.163727"
Vary: Accept-Encoding
Access-Control-Max-Age: 86400
Content-Type: application/x-javascript
Access-Control-Allow-Origin: *
Access-Control-Allow-Methods: GET
Access-Control-Allow-Credentials: false
Connection: keep-alive
Accept-Ranges: bytes
Access-Control-Allow-Headers: *
Content-Length: 5654

GET
H2 200 clarity.js Show response
www.clarity.ms/s/0.7.46/ 64 KB
27 KB 66ms
65ms Script
application/javascript 2620:1ec:bdf::31
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to

Full URL: https://www.clarity.ms/s/0.7.46/clarity.js
Requested by: Host: www.clarity.ms
URL: https://www.clarity.ms/tag/g99432jddf?ref=gtm2
Protocol: H2
Security: TLS 1.3, , AES_256_GCM
Server: 2620:1ec:bdf::31 , United States, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: /
Resource Hash: 4ac65dcc5ed84285cfd19c18f2b715a53f07f708f34198aa96ed8b846a78ef58

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

date: Sun, 15 Sep 2024 06:56:48 GMT
content-encoding: br
last-modified: Thu, 12 Sep 2024 19:33:15 GMT
etag: W/"0x8DCD361BF61C3C9"
vary: Accept-Encoding
x-azure-ref: 20240915T065648Z-1596549d49b7kpgp793qp0q6gc0000000550000000005c96
content-type: application/javascript;charset=utf-8
access-control-allow-origin: *
x-ms-request-id: ab179367-801e-0067-0dc4-053e27000000
cache-control: public, max-age=86400
x-cache: TCP_HIT
x-ms-version: 2018-03-28
x-fd-int-roxy-purgeid: 51562430

GET
H/1.1 200
OK msg Show response
snrtp1.marketo.com/gw1/ 0
457 B 252ms
66ms Script
text/javascript 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1726383408237-3cac0a41&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1726383407662-16435&viewedTypes=&0.49282039912093834&rts=1726383408289

Requested by

Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK msg Show response
snrtp1.marketo.com/gw1/ 0
457 B 250ms
65ms Script
text/javascript 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1726383408237-3cac0a41&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1726383407662-16435&viewedTypes=&0.4075971872741688&rts=1726383408290

Requested by

Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2

200

activityi;dc_pre=CJGDy66vxIgDFcOjZgIdMNYeZw;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=...
4214544.fls.doubleclick.net/ Frame D316
Redirect Chain

https://4214544.fls.doubleclick.net/activityi;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uap...
https://4214544.fls.doubleclick.net/activityi;dc_pre=CJGDy66vxIgDFcOjZgIdMNYeZw;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa...

0
0

169ms
168ms

Document
text/html

142.251.221.70
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL

https://4214544.fls.doubleclick.net/activityi;dc_pre=CJGDy66vxIgDFcOjZgIdMNYeZw;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?

Requested by

Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/destination?id=DC-4214544&l=dataLayer&cx=c

Protocol

Security

TLS 1.3, , AES_128_GCM

Server

142.251.221.70 Farmingdale, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd09s31-in-f6.1e100.net

Software

cafe /

Resource Hash

Security Headers

Name	Value
Strict-Transport-Security	max-age=21600
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
Upgrade-Insecure-Requests: 1
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: private, max-age=0
content-encoding: br
content-length: 344
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
expires: Sun, 15 Sep 2024 06:56:48 GMT
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

Redirect headers

alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
cache-control: no-cache, must-revalidate
content-length: 0
content-type: text/html; charset=UTF-8
cross-origin-resource-policy: cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
expires: Fri, 01 Jan 1990 00:00:00 GMT
follow-only-when-prerender-shown: 1
location: https://4214544.fls.doubleclick.net/activityi;dc_pre=CJGDy66vxIgDFcOjZgIdMNYeZw;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?
p3p: policyref="https://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
pragma: no-cache
server: cafe
strict-transport-security: max-age=21600
timing-allow-origin: *
x-content-type-options: nosniff
x-xss-protection: 0

POST
H3 204 csp-report
www.tsb.co.nz/ 0
28 B 158ms
157ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRk1CbzFZVUkxakVPS053OXM3Z0FBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1CbzFZVUkxakVPS053OXM3Z0FBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1CbzFZVUkxakVPS053OXM3Z0FBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRk1CbzFZVUkxakVPS053OXM3Z0FBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1CbzFZVUkxakVPS053OXM3Z0FBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1CbzFZVUkxakVPS053OXM3Z0FBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: 8kT6qtLId6p3tNns9jTEBTt3876CypNjjLVSCeoLtSPDaQPFoAcwrQ==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

GET activity;register_conversion=1;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=...
ad.doubleclick.net/ 0
0

POST
H3 204 csp-report
www.tsb.co.nz/ 0
28 B 189ms
188ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRk1CcGk1MUY2VVpSbkdvR0RaQUFBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1CcGk1MUY2VVpSbkdvR0RaQUFBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1CcGk1MUY2VVpSbkdvR0RaQUFBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRk1CcGk1MUY2VVpSbkdvR0RaQUFBQUFF'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1CcGk1MUY2VVpSbkdvR0RaQUFBQUFF'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1CcGk1MUY2VVpSbkdvR0RaQUFBQUFF'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: a3bxPsvGfuxi-OyDyCA91iE50bq0ySAhqQ6i23pJbS1A63tZjaiX0A==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

GET
DATA 200
OK truncated
/ Frame 2052 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame 2052 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

POST
H3 204 csp-report
www.tsb.co.nz/ 0
28 B 185ms
183ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.46/clarity.js

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRk1MS2loZGJ0M0llcWtJdXltd0FBQUJJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1MS2loZGJ0M0llcWtJdXltd0FBQUJJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1MS2loZGJ0M0llcWtJdXltd0FBQUJJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRk1MS2loZGJ0M0llcWtJdXltd0FBQUJJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1MS2loZGJ0M0llcWtJdXltd0FBQUJJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1MS2loZGJ0M0llcWtJdXltd0FBQUJJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: -Rkj3nzTuQe6joNTtN1Al8EISDz83MEd1BM_qsoWGz58czTxjk_xoA==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

POST collect
f.clarity.ms/ 0
0

POST
H3 204 csp-report
www.tsb.co.nz/ 0
28 B 208ms
207ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.46/clarity.js

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRk1HRW5BRWRFcnowaHhpZG1id0FBQUFJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1HRW5BRWRFcnowaHhpZG1id0FBQUFJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1HRW5BRWRFcnowaHhpZG1id0FBQUFJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRk1HRW5BRWRFcnowaHhpZG1id0FBQUFJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1HRW5BRWRFcnowaHhpZG1id0FBQUFJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1HRW5BRWRFcnowaHhpZG1id0FBQUFJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: skrvkqoUmtWZH5fnRhT80wstH-f-_-3mPGxFg0e6HsTklXRwEZPeSA==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

POST collect
f.clarity.ms/ 0
0

POST
H3 204 csp-report
www.tsb.co.nz/ 0
28 B 185ms
181ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: www.clarity.ms
URL: https://www.clarity.ms/s/0.7.46/clarity.js

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRk1CY0JrSTRIc1NSekFlWElCUUFBQUFJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1CY0JrSTRIc1NSekFlWElCUUFBQUFJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1CY0JrSTRIc1NSekFlWElCUUFBQUFJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRk1CY0JrSTRIc1NSekFlWElCUUFBQUFJ'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1CY0JrSTRIc1NSekFlWElCUUFBQUFJ'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1CY0JrSTRIc1NSekFlWElCUUFBQUFJ'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:48 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: BBgG5j7ErETBHvN3_fL3yJlXnGJ0kwDacyn7kAIF1Ao5WV_1zKHn1A==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

POST
H2 204 collect
analytics.google.com/g/ 0
0 643ms
247ms Fetch
text/plain 2001:4860:4802:34::181
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://analytics.google.com/g/collect?v=2&tid=G-VRLX9EH3CJ&gtm=45je4990v879078468z89111675971za200zb9111675971&_p=1726383406718&_gaz=1&gcd=13l3l3l3l1l1&npa=0&dma=0&tag_exp=0&cid=1124575247.1726383408&ul=en-nz&sr=1600x1200&ir=1&uaa=&uab=&uafvl=&uamb=0&uam=&uap=&uapv=&uaw=0&are=1&pae=1&frm=0&pscdl=noapi&_eu=EA&_s=1&sid=1726383408&sct=1&seg=0&dl=https%3A%2F%2Fwww.tsb.co.nz%2F&dt=The%20perfect%20amount%20of%20bank%20%7C%20TSB&en=page_view&_fv=1&_nsi=1&_ss=1&tfd=3972
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VRLX9EH3CJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2001:4860:4802:34::181 , United States, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 15 Sep 2024 06:56:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tsb.co.nz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

POST
H2 204 collect
stats.g.doubleclick.net/g/ 0
254 B 452ms
151ms Ping
text/plain 2404:6800:4003:c11::9d
GOOGLE

General

Check archive.org

Show headers Download Go to

Full URL: https://stats.g.doubleclick.net/g/collect?v=2&tid=G-VRLX9EH3CJ&cid=1124575247.1726383408&gtm=45je4990v879078468z89111675971za200zb9111675971&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0
Requested by: Host: www.googletagmanager.com
URL: https://www.googletagmanager.com/gtag/js?id=G-VRLX9EH3CJ&l=dataLayer&cx=c
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 2404:6800:4003:c11::9d Singapore, Singapore, ASN15169 (GOOGLE, US),
Reverse DNS
Software: Golfe2 /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 15 Sep 2024 06:56:48 GMT
server: Golfe2
content-type: text/plain
access-control-allow-origin: https://www.tsb.co.nz
cache-control: no-cache, no-store, must-revalidate
access-control-allow-credentials: true
cross-origin-resource-policy: cross-origin
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H3 200 ga-audiences
www.google.co.nz/ads/ 42 B
63 B 367ms
204ms Image
image/gif 142.250.67.3
GOOGLE

General

Check archive.org

Show headers Download Go to Show image

Full URL

https://www.google.co.nz/ads/ga-audiences?v=1&t=sr&slf_rd=1&_r=4&tid=G-VRLX9EH3CJ&cid=1124575247.1726383408&gtm=45je4990v879078468z89111675971za200zb9111675971&aip=1&dma=0&gcd=13l3l3l3l1l1&npa=0&frm=0&tag_exp=0&tag_exp=0&z=823801378

Requested by

Host: www.tsb.co.nz
URL: https://www.tsb.co.nz/

Protocol

Security

QUIC, , AES_128_GCM

Server

142.250.67.3 Plainview, United States, ASN15169 (GOOGLE, US),

Reverse DNS

syd15s16-in-f3.1e100.net

Software

cafe /

Resource Hash

ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629

Security Headers

Name	Value
X-Content-Type-Options	nosniff
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 15 Sep 2024 06:56:48 GMT
x-content-type-options: nosniff
server: cafe
content-type: image/gif
p3p: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
cache-control: no-cache, no-store, must-revalidate
cross-origin-resource-policy: cross-origin
timing-allow-origin: *
alt-svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
content-length: 42
x-xss-protection: 0
expires: Fri, 01 Jan 1990 00:00:00 GMT

GET
H/1.1 200
OK jquery-custom-ui.min.js Show response
rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/ 522 KB
126 KB 103ms
103ms Script
application/x-javascript 184.24.248.178
AKAMAI-AS

General

Check archive.org

Show headers Download Go to

Full URL: https://rtp-static.marketo.com/rtp/libs/jqueryui/1.13.2/jquery-custom-ui.min.js
Requested by: Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco
Protocol: HTTP/1.1
Security: TLS 1.3, , AES_256_GCM
Server: 184.24.248.178 Sydney, Australia, ASN16625 (AKAMAI-AS, US),
Reverse DNS: a184-24-248-178.deploy.static.akamaitechnologies.com
Software: AkamaiNetStorage /
Resource Hash: b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Content-Encoding: gzip
Last-Modified: Thu, 01 Jun 2023 11:54:52 GMT
Server: AkamaiNetStorage
ETag: "85c4e68263c6de164e4bad3fb60222a5:1685620750.615377"
Vary: Accept-Encoding
Transfer-Encoding: chunked
Content-Type: application/x-javascript
Access-Control-Max-Age: 86400
Access-Control-Allow-Methods: GET
Access-Control-Allow-Origin: *
Access-Control-Allow-Credentials: false
Connection: keep-alive, Transfer-Encoding
Accept-Ranges: bytes
Access-Control-Allow-Headers: *

GET
DATA 200
OK truncated
/ Frame FB54 3 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: 04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
DATA 200
OK truncated
/ Frame FB54 5 KB
0 Image
image/png

General

Check archive.org

Show headers Download Go to Show image

Full URL: data:truncated
Protocol: DATA
Server: -, , ASN (),
Reverse DNS
Software: /
Resource Hash: e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2

Request headers

Referer
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Content-Type: image/png

GET
H/1.1 200
OK msg Show response
snrtp1.marketo.com/gw1/ 0
457 B 185ms
64ms Script
text/javascript 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1726383408237-3cac0a41&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1726383407662-16435&viewedTypes=&0.7866552802782449&rts=1726383408581

Requested by

Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H/1.1 200
OK msg Show response
snrtp1.marketo.com/gw1/ 0
457 B 186ms
65ms Script
text/javascript 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/msg?a=2&sid=tsbco-1726383408237-3cac0a41&aid=tsbco&ma=id%3A454-IZE-737%26token%3A_mch-tsb.co.nz-1726383407662-16435&viewedTypes=&0.05486934585732128&rts=1726383408582

Requested by

Host: snrtp-cdn.marketo.com
URL: https://snrtp-cdn.marketo.com/rtp-api/v1/rtp.js?aid=tsbco

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:48 GMT
Cache-Control: no-cache
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Connection: close
Content-Length: 0
Content-Type: text/javascript;charset=utf-8

GET
H2 200 generic1726180787406.js Show response
nebula-cdn.kampyle.com/au/wau/210973/onsite/ 384 KB
86 KB 32ms
32ms Script
application/javascript 151.101.193.175
FASTLY

General

Check archive.org

Show headers Download Go to

Full URL

https://nebula-cdn.kampyle.com/au/wau/210973/onsite/generic1726180787406.js

Requested by

Host: nebula-cdn.kampyle.com
URL: https://nebula-cdn.kampyle.com/wau/210973/onsite/embed.js

Protocol

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

151.101.193.175 San Francisco, United States, ASN54113 (FASTLY, US),

Reverse DNS

Software

AmazonS3 /

Resource Hash

9e244e21f848716f05c2c06f04aa31e416ac2370fa7b3485b33b0d5689646937

Security Headers

Name	Value
Strict-Transport-Security	max-age=31557600

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-amz-version-id: SglXaf25nfjbVmZlQF_p.Lnx3kuj.CId
content-encoding: gzip
via: 1.1 varnish
date: Sun, 15 Sep 2024 06:56:49 GMT
strict-transport-security: max-age=31557600
x-amz-request-id: W3HNESYYPNCZE7G7
x-amz-server-side-encryption: AES256
x-cache: HIT
content-length: 88133
x-amz-id-2: Mw+lmY5dKPFLBOg6oTc7o1VtyBrmTM4Iay3LaV9hzZRsybkvb41QcMBlbaA86u0+ow0oE6DZifM=
x-served-by: cache-akl10326-AKL
last-modified: Thu, 12 Sep 2024 22:39:48 GMT
server: AmazonS3
x-timer: S1726383409.378791,VS0,VE0
etag: "e7d529ef83679b49048034fd724ccd49"
vary: Accept-Encoding
content-type: application/javascript
access-control-allow-origin: *
cache-control: max-age=2592000
accept-ranges: bytes
x-cache-hits: 642

GET
H2

200

c.gif
c.clarity.ms/
Redirect Chain

https://c.clarity.ms/c.gif
https://c.bing.com/c.gif?ctsa=mr&CtsSyncId=DBD3A3F373634272B168BE7831039F12&RedC=c.clarity.ms&MXFR=0523932A571F6205129E87D1531F6CB2
https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=DBD3A3F373634272B168BE7831039F12&MUID=26C0919AF85C6077070F8561F9CD61B9

42 B
465 B

205ms
205ms

Image
image/gif

52.231.230.148
MICROSOFT-CORP-MS...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=DBD3A3F373634272B168BE7831039F12&MUID=26C0919AF85C6077070F8561F9CD61B9
Protocol: H2
Server: 52.231.230.148 Busan, Korea, Republic Of, ASN8075 (MICROSOFT-CORP-MSN-AS-BLOCK, US),
Reverse DNS
Software: Microsoft-IIS/10.0 / ASP.NET
Resource Hash: 99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

pragma: no-cache
date: Sun, 15 Sep 2024 06:56:50 GMT
last-modified: Tue, 13 Aug 2024 21:12:15 GMT
server: Microsoft-IIS/10.0
etag: "3bd2d078c5edda1:0"
x-powered-by: ASP.NET
content-type: image/gif
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
cache-control: private, no-cache, proxy-revalidate, no-store
accept-ranges: bytes
content-length: 42

Redirect headers

pragma: no-cache
date: Sun, 15 Sep 2024 06:56:50 GMT
accept-ch: Sec-CH-UA-Arch, Sec-CH-UA-Bitness, Sec-CH-UA-Full-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform, Sec-CH-UA-Platform-Version
x-msedge-ref: Ref A: 61E0D28D04CC475C9677FBD005AB8368 Ref B: SYD03EDGE1919 Ref C: 2024-09-15T06:56:50Z
x-powered-by: ASP.NET
x-cache: CONFIG_NOCACHE
p3p: CP="BUS CUR CONo FIN IVDo ONL OUR PHY SAMo TELo"
location: https://c.clarity.ms/c.gif?ctsa=mr&CtsSyncId=DBD3A3F373634272B168BE7831039F12&MUID=26C0919AF85C6077070F8561F9CD61B9
cache-control: private, no-cache, proxy-revalidate, no-store
content-length: 0

GET
H/1.1 200
OK visitor Show response
snrtp1.marketo.com/gw1/rtp/api/v1_1/ 287 B
1 KB 247ms
64ms XHR
application/json 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/rtp/api/v1_1/visitor?sid=tsbco-1726383408237-3cac0a41&aid=tsbco&1726383409366

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

1c118c8dc42145731c36cf83e87f4cb6392bedba4ad17e8a598bb9d66b29810b

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Pragma: No-cache
Date: Sun, 15 Sep 2024 06:56:49 GMT
Strict-Transport-Security: max-age=63113904
Last-Modified: Sun Sep 15 01:56:49 CDT 2024
Server: Jetty(9.4.45.v20220203)
Vary: Origin
Transfer-Encoding: chunked
Content-Type: application/json
Access-Control-Allow-Origin: https://www.tsb.co.nz
Cache-Control: no-store, no-cache, must-revalidate, max-age=0, post-check=0, pre-check=0
Access-Control-Allow-Credentials: true
Connection: close
Expires: Thu, 01 Jan 1970 00:00:00 GMT

GET
H/1.1 200
OK sgm Show response
snrtp1.marketo.com/gw1/ga/ 48 B
532 B 247ms
64ms XHR
text/json 103.237.104.73
MARKETO

General

Check archive.org

Show headers Download Go to

Full URL

https://snrtp1.marketo.com/gw1/ga/sgm?sid=tsbco-1726383408237-3cac0a41&1726383409367

Requested by

Host: rtp-static.marketo.com
URL: https://rtp-static.marketo.com/rtp/libs/ga-integration-2.0.5.js

Protocol

HTTP/1.1

Security

TLS 1.2, ECDHE_RSA, AES_128_GCM

Server

103.237.104.73 , United States, ASN53580 (MARKETO, US),

Reverse DNS

Software

Jetty(9.4.45.v20220203) /

Resource Hash

25b4e974dc91d718d1b66bf120388c20da6dfd3a886ec8401af1c269dd169a44

Security Headers

Name	Value
Strict-Transport-Security	max-age=63113904

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

Date: Sun, 15 Sep 2024 06:56:49 GMT
Strict-Transport-Security: max-age=63113904
Server: Jetty(9.4.45.v20220203)
Content-Type: text/json;charset=utf-8
Access-Control-Allow-Origin: *
Cache-Control: no-cache
Connection: close
Content-Length: 48

GET
H3 200 favicon.ico
www.tsb.co.nz/themes/TSB/ 15 KB
15 KB 102ms
102ms Other
image/vnd.microsoft.icon 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/themes/TSB/favicon.ico

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

c29898818975d404bc311ef4043893f26e1ad7b6c8760fe1984b3aba82444365

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVaWjJPY25Cdm5waThUaTRYeXl5Z0FBQUFN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaWjJPY25Cdm5waThUaTRYeXl5Z0FBQUFN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaWjJPY25Cdm5waThUaTRYeXl5Z0FBQUFN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVaWjJPY25Cdm5waThUaTRYeXl5Z0FBQUFN'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVaWjJPY25Cdm5waThUaTRYeXl5Z0FBQUFN'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVaWjJPY25Cdm5waThUaTRYeXl5Z0FBQUFN'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
date: Sun, 15 Sep 2024 06:56:49 GMT
x-amz-cf-pop: SYD62-P3
alt-svc: h3=":443"; ma=93600
content-length: 15406
x-xss-protection: 0
referrer-policy: strict-origin-when-cross-origin
last-modified: Wed, 28 Aug 2024 10:31:17 GMT
etag: "3c2e-620bbdbb1ab88"
x-frame-options: SAMEORIGIN
vary: Cookie
content-type: image/vnd.microsoft.icon
cache-control: max-age=31524811
accept-ranges: bytes
x-amz-cf-id: yS0MQXBEVebzLNNgrVV10mJUuHsnD31XnXZuIxCziZBfof4cDHczhQ==
expires: Mon, 15 Sep 2025 03:50:20 GMT

POST
H3 204 csp-report
www.tsb.co.nz/ 0
22 B 171ms
170ms Other
text/plain 203.134.85.154
VOCUS-RETAIL-AU V...

General

Check archive.org

Show headers Download Go to

Full URL

https://www.tsb.co.nz/csp-report

Requested by

Host: nebula-cdn.kampyle.com
URL: https://nebula-cdn.kampyle.com/au/wau/210973/onsite/generic1726180787406.js

Protocol

Security

QUIC, , AES_256_GCM

Server

203.134.85.154 Sydney, Australia, ASN9443 (VOCUS-RETAIL-AU Vocus Retail, AU),

Reverse DNS

154.85-134-203.akamai.cache.nsw.vocus.network

Software

Resource Hash

e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Security Headers

Name	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRk1iSUtKR0FFVS10Z090Z3ZLQUFBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1iSUtKR0FFVS10Z090Z3ZLQUFBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1iSUtKR0FFVS10Z090Z3ZLQUFBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36
Content-Type: application/csp-report

Response headers

quic-version: 0x00000001
strict-transport-security: max-age=63072000; includeSubDomains; preload
content-security-policy: default-src 'self' 'nonce-WnVhRk1iSUtKR0FFVS10Z090Z3ZLQUFBQUFr'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRk1iSUtKR0FFVS10Z090Z3ZLQUFBQUFr'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRk1iSUtKR0FFVS10Z090Z3ZLQUFBQUFr'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
x-content-type-options: nosniff
referrer-policy: strict-origin-when-cross-origin
date: Sun, 15 Sep 2024 06:56:49 GMT
x-amz-cf-pop: SYD62-P3
vary: x-aws-env-psk,Cookie
x-frame-options: SAMEORIGIN
content-language: en
cache-control: must-revalidate, no-cache, private
alt-svc: h3=":443"; ma=93600
x-amz-cf-id: tbO6uZRj_VJvcKYfI_G11NzN8-4XxIudG9Kd9uXTfGYHrBzEYIb34A==
x-xss-protection: 0
expires: Sun, 19 Nov 1978 05:00:00 GMT

POST events
analytics-fe.digital-cloud-syd1.medallia.com.au/api/web/ 0
0

GET
H2 200 __cool.gif
udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/ 0
318 B 401ms
262ms Image
image/gif 35.241.45.82
GOOGLE-CLOUD-PLAT...

General

Check archive.org

Show headers Download Go to Show image

Full URL: https://udc-neb.kampyle.com/egw/5/qceuv8449dzg58ptt1bhda9g8ue19c7s/track/__cool.gif?data=eyJldmVudHMiOiBbCiAgICB7InNlc3Npb25fc2NyZWVuX3NpemUiOiAiMTYwMHgxMjAwIiwic2Vzc2lvbl9kdWEiOiAiTW96aWxsYS81LjAgKFgxMTsgTGludXggeDg2XzY0KSBBcHBsZVdlYktpdC81MzcuMzYgKEtIVE1MLCBsaWtlIEdlY2tvKSBDaHJvbWUvMTI4LjAuMC4wIFNhZmFyaS81MzcuMzYiLCJzZXNzaW9uX3BsYXRmb3JtIjogIkxpbnV4IHg4Nl82NCIsInBhZ2VfdGl0bGUiOiAiVGhlIHBlcmZlY3QgYW1vdW50IG9mIGJhbmsgfCBUU0IiLCJwYWdlX3VybCI6ICJodHRwczovL3d3dy50c2IuY28ubnovIiwidHJhY2tlcl90eXBlIjogImphdmFzY3JpcHQiLCJ0cmFja2VyX3ZlcnNpb24iOiAiMi4yLjIzIiwiZXZlbnRfbmFtZSI6ICJuZWJ1bGFfcGFnZV92aWV3IiwiZXZlbnRfdGltZXN0YW1wX2Vwb2NoIjogIjE3MjYzODM0MDk0NTAiLCJldmVudF90aW1lem9uZV9vZmZzZXQiOiAxMiwidXNlcl9pZCI6ICIxOTFmNDc4NDkyMzE1Yy0wZmMwNTVhYzVmMDdjNy0xZjQ2MmM2Zi0xZDRjMDAtMTkxZjQ3ODQ5MjQxNmE5IiwiZW52aXJvbWVudCI6ICJkaWdpdGFsLWNsb3VkLXN5ZDEiLCJhY2NvdW50SWQiOiAyMTA5NzIsInVybCI6ICJodHRwczovL3d3dy50c2IuY28ubnovIiwid2Vic2l0ZUlkIjogMjEwOTczLCJmb3JtSWQiOiBudWxsLCJmb3JtVHJpZ2dlclR5cGUiOiBudWxsLCJrYW1weWxlX2RhdGEiOiB7Im1kX2lzU3VydmV5U3VibWl0dGVkSW5TZXNzaW9uIjogIiIsIkxBU1RfSU5WSVRBVElPTl9WSUVXIjogIiIsIkRFQ0xJTkVEX0RBVEUiOiAiIiwia2FtcHlsZUludml0ZVByZXNlbnRlZCI6ICIiLCJrYW1weWxlX3VzZXJpZCI6ICIwOTUxLWM5MmQtYWVmNi1lNzNiLWNlZGEtYTk4Zi05MjI1LTBjZDgiLCJrYW1weWxlVXNlclNlc3Npb24iOiAiMTcyNjM4MzQwOTQ0OSIsImthbXB5bGVVc2VyUGVyY2VudGlsZSI6ICIiLCJTVUJNSVRURURfREFURSI6ICIifSwiY29va2llX3NpemUiOiA2MjYsImthbXB5bGVfdmVyc2lvbiI6ICIyLjU2LjEiLCJvbnNpdGVfdmVyc2lvbiI6ICIyLjU2LjEiLCJoaXN0b3J5X2xlbmd0aCI6IDEsImV2ZW50X2xvY2FsX3RpbWVzdGFtcCI6IDE3MjYzODM0MDk0NTAsInBvc2l0aW9uIjogbnVsbCwiaXNVc2VySWRlbnRpZmllZCI6IGZhbHNlfQpdfQ==
Protocol: H2
Security: TLS 1.3, , AES_128_GCM
Server: 35.241.45.82 Kansas City, United States, ASN396982 (GOOGLE-CLOUD-PLATFORM, US),
Reverse DNS: 82.45.241.35.bc.googleusercontent.com
Software: Jetty(9.2.11.v20150529) /
Resource Hash: e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855

Request headers

Referer: https://www.tsb.co.nz/
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36

Response headers

x-me: prod-instance-gatewayservice-blue-lxgd
date: Sun, 15 Sep 2024 06:56:49 GMT
via: 1.1 google
alt-svc: clear
server: Jetty(9.2.11.v20150529)
access-control-max-age: 1800
access-control-allow-methods: GET, POST, PUT, DELETE
content-type: image/gif; charset=UTF-8
access-control-allow-origin: *
access-control-allow-credentials: true
access-control-allow-headers: X-Requested-With, Origin, Content-Type, Accept
content-length: 0
x-application-context: application:9090

Failed requests

These URLs were requested, but there was no response received. You will also see them in the list above.

Domain: ad.doubleclick.net
URL: https://ad.doubleclick.net/activity;register_conversion=1;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?

Domain: f.clarity.ms
URL: https://f.clarity.ms/collect

Domain: f.clarity.ms
URL: https://f.clarity.ms/collect

Domain: analytics-fe.digital-cloud-syd1.medallia.com.au
URL: https://analytics-fe.digital-cloud-syd1.medallia.com.au/api/web/events

Verdicts & Comments Add Verdict or Comment

78 JavaScript Global Variables

These are the non-standard "global" variables defined on the window object. These can be helpful in identifying possible client-side frameworks and code.

23 Cookies

Cookies are little pieces of information stored in the browser of a user. Whenever a user visits the site again, he will also send his cookie values, thus allowing the website to re-identify him even if he changed locations. This is how permanent logins work.

Domain/Path	Expires	Name / Value
.tsb.co.nz/	1970-01-21 09:09:03	Name: _mkto_trk Value: id:454-IZE-737&token:_mch-tsb.co.nz-1726383407662-16435
.tsb.co.nz/	1970-01-21 01:42:39	Name: _gcl_au Value: 1.1.621044499.1726383408
.tsb.co.nz/	1970-01-21 01:42:39	Name: _fbp Value: fb.2.1726383408226.857793711460583246
.tsb.co.nz/	1970-01-21 09:09:03	Name: trwv.uid Value: tsbco-1726383408236-8799b57f%3A1
.tsb.co.nz/	1970-01-20 23:33:05	Name: trwsa.sid Value: tsbco-1726383408237-3cac0a41%3A2
www.clarity.ms/	1970-01-21 08:18:39	Name: CLID Value: 3c6bb2093d5d43a4899253e2bab01d96.20240915.20250915
.tsb.co.nz/	1970-01-21 08:18:39	Name: _clck Value: 109n218%7C2%7Cfp7%7C0%7C1719
.tsb.co.nz/	1970-01-21 09:09:03	Name: _ga_VRLX9EH3CJ Value: GS1.1.1726383408.1.0.1726383408.60.0.0
.tsb.co.nz/	1970-01-21 09:09:03	Name: _ga Value: GA1.1.1124575247.1726383408
.doubleclick.net/	1970-01-20 23:33:04	Name: test_cookie Value: CheckForPermission
.doubleclick.net/	1970-01-21 03:52:15	Name: receive-cookie-deprecation Value: 1
www.tsb.co.nz/	1970-01-21 08:18:39	Name: mdLogger Value: false
www.tsb.co.nz/	1970-01-21 08:18:39	Name: kampyle_userid Value: 0951-c92d-aef6-e73b-ceda-a98f-9225-0cd8
www.tsb.co.nz/	1970-01-21 08:18:39	Name: kampyleUserSession Value: 1726383409449
www.tsb.co.nz/	1970-01-21 08:18:39	Name: kampyleUserSessionsCount Value: 1
www.tsb.co.nz/	1970-01-21 08:18:39	Name: kampyleSessionPageCounter Value: 1
.bing.com/	1970-01-21 08:54:39	Name: MUID Value: 26C0919AF85C6077070F8561F9CD61B9
.c.bing.com/	1970-01-20 23:43:08	Name: MR Value: 0
.c.bing.com/	1970-01-21 08:54:39	Name: SRM_B Value: 26C0919AF85C6077070F8561F9CD61B9
.c.clarity.ms/	1969-12-31 23:59:59	Name: SM Value: C
.clarity.ms/	1970-01-21 08:54:39	Name: MUID Value: 26C0919AF85C6077070F8561F9CD61B9
.c.clarity.ms/	1970-01-20 23:43:08	Name: MR Value: 0
.c.clarity.ms/	1970-01-20 23:33:04	Name: ANONCHK Value: 0

9 Console Messages

A page may trigger messages to the console to be logged. These are often error messages about being unable to load a resource or execute a piece of JavaScript. Sometimes they also provide insight into the technology behind a website.

Source	Level	URL Text
security	error	URL: https://www.googletagmanager.com/gtm.js?id=GTM-N8RN5F7(Line 787) Message: Refused to execute inline script because it violates the following Content Security Policy directive: "script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'". Either the 'unsafe-inline' keyword, a hash ('sha256-k9XnvvpLkOnuZmMnGY8CrOH0asKAAUHxdM9JU5rYpD0='), or a nonce ('nonce-...') is required to enable inline execution.
security	error	URL: https://www.tsb.co.nz/ Message: Refused to load the image 'https://ad.doubleclick.net/activity;register_conversion=1;src=4214544;type=Remar0;cat=tsbba0;ord=9321645328866;npa=0;auiddc=621044499.1726383408;u1=%2F;ps=1;pcor=132653813;uaa=;uab=;uafvl=;uamb=0;uam=;uap=;uapv=;uaw=0;pscdl=noapi;frm=0;gtm=45fe4990v9190070958z89111675971za201zb9111675971;gcd=13l3l3l3l1l1;dma=0;tag_exp=0;epver=2;~oref=https%3A%2F%2Fwww.tsb.co.nz%2F?' because it violates the following Content Security Policy directive: "img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com".
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com".
security	error	URL: https://www.clarity.ms/s/0.7.46/clarity.js(Line 1) Message: Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security	error	URL: https://www.clarity.ms/s/0.7.46/clarity.js(Line 1) Message: Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security	error	URL: https://www.clarity.ms/s/0.7.46/clarity.js(Line 1) Message: Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security	error	URL: https://www.clarity.ms/s/0.7.46/clarity.js(Line 1) Message: Refused to connect to 'https://f.clarity.ms/collect' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".
security	error	URL: https://www.googletagmanager.com/ Message: Refused to frame 'https://td.doubleclick.net/' because it violates the following Content Security Policy directive: "frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com".
security	error	URL: https://nebula-cdn.kampyle.com/au/wau/210973/onsite/generic1726180787406.js(Line 974) Message: Refused to connect to 'https://analytics-fe.digital-cloud-syd1.medallia.com.au/api/web/events' because it violates the following Content Security Policy directive: "connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com".

Security Headers

This page lists any security headers set by the main page. If you want to understand what these mean and how to use them, head on over to this page

Header	Value
Content-Security-Policy	default-src 'self' 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; script-src 'self' staticcdn.co.nz snrtp-cdn.marketo.com connect.facebook.net jquery.validate.min.js polyfill.io munchkin.marketo.net rtp-static.marketo.com snrtp1.marketo.com cdn.jsdelivr.net www.googletagmanager.com www.google.co.nz www.googleoptimize.com googleoptimize.com script.hotjar.com maps.googleapis.com unpkg.com www.google.com www.gstatic.com www.clarity.ms md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; font-src 'self' fonts.gstatic.com fonts.googleapis.com nebula-cdn.kampyle.com; img-src 'self' data: shielded.co.nz www.google-analytics.com www.googletagmanager.com www.gstatic.com www.google.com www.google.co.nz www.facebook.com maps.googleapis.com maps.gstatic.com c.clarity.ms c.bing.com md-scp.kampyle.com udc-neb.kampyle.com nebula-cdn.kampyle.com; style-src 'self' fonts.googleapis.com md-scp.kampyle.com nebula-cdn.kampyle.com 'nonce-WnVhRkxzWTVVUTlfekNhTU1yRHJud0FBQUFv'; frame-src 'self' 4214544.fls.doubleclick.net www.youtube.com youtu.be youtube.com www.google.com staticcdn.co.nz nebula-cdn.kampyle.com; connect-src 'self' tsb-prod-apim.azure-api.net tsb-nonprod-apim.azure-api.net *.mktoresp.com stats.g.doubleclick.net s.clarity.ms www.google-analytics.com analytics.google.com v.clarity.ms snrtp1.marketo.com www.googleoptimize.com googleoptimize.com maps.googleapis.com md-scp.kampyle.com sbt-prod.kampyle.com nebula-cdn.kampyle.com udc-neb.kampyle.com; base-uri 'self' md-scp.kampyle.com; object-src 'none'; style-src-attr 'self' 'unsafe-inline'; style-src-elem 'self' fonts.googleapis.com www.facebook.com rtp-static.marketo.com 'unsafe-inline'; frame-ancestors 'self'; form-action 'self' online.tsb.co.nz; report-uri /csp-report;
Strict-Transport-Security	max-age=63072000; includeSubDomains; preload
X-Content-Type-Options	nosniff
X-Frame-Options	SAMEORIGIN
X-Xss-Protection	0

Indicators

This is a term in the security industry to describe indicators such as IPs, Domains, Hashes, etc. This does not imply that any of these indicate malicious activity.

4214544.fls.doubleclick.net
454-ize-737.mktoresp.com
ad.doubleclick.net
analytics-fe.digital-cloud-syd1.medallia.com.au
analytics.google.com
c.bing.com
c.clarity.ms
connect.facebook.net
f.clarity.ms
munchkin.marketo.net
nebula-cdn.kampyle.com
rtp-static.marketo.com
shielded.co.nz
snrtp-cdn.marketo.com
snrtp1.marketo.com
staticcdn.co.nz
stats.g.doubleclick.net
tsbbank.co.nz
udc-neb.kampyle.com
unpkg.com
www.clarity.ms
www.facebook.com
www.google.co.nz
www.googletagmanager.com
www.tsb.co.nz
www.tsbbank.co.nz
ad.doubleclick.net
analytics-fe.digital-cloud-syd1.medallia.com.au
f.clarity.ms
103.237.104.73
103.237.104.82
142.250.67.3
142.251.221.70
151.101.193.175
157.240.8.23
18.67.110.70
18.67.110.87
184.24.248.178
2001:4860:4802:34::181
2001:8002:e22:ef00::3cfe:8ff1
203.134.85.154
23.214.38.209
2404:6800:4003:c11::9d
2404:6800:4006:80a::2008
2600:1415:11::1737:f29b
2606:4700::6811:f7cb
2620:1ec:bdf::31
2620:1ec:c11::237
2a03:2880:f119:8083:face:b00c:0:25de
35.241.45.82
52.231.230.148
0055aa18da3581f4a468aaa7257d84f798e0fc070899c8008d9b321b76b98096
00e23df10377c1a86b7e881fd0e8e209b08c89a0fd3a9437d3e56d6087398f60
0162ef9fc226831fc4801f4200807e778fc20a40cfa7651de72257353c7138eb
023cf8b8a67fe94bcef10d2a02505f939fe00978a20638cc40de1d7842b3521c
025a3c0009a8ffe8d3c9e138232858bb08004439c5fccddd47a9277f4864bc90
04d05978fdb111358073ab0524e5c1fafc0826615c206987618416b8bd8a4747
09d3c01af7d1b64385f5aea38b33807177f382f8dc3ce411548e1beb6523263e
0c82a95daa5ef40bf810ade32aad3a375ed14df6966ea1bd65520d6a85029975
0c91d9180a4fbd8d7a81f954632dfcc5570720d01ff2be2f3cd3f899e1d65677
143a1ee63c9fe87791cde6209d3716bf432ede02fc23ecbd064edfe1cc02bca9
14419be0b61d91116248f91d3a3518a26ade7d00a036846d98a3ea170fed9c00
1af1da6717bf645b3f5b8af41f16f7a149f0bf11e817492a2b3f711f50a6bef7
1c118c8dc42145731c36cf83e87f4cb6392bedba4ad17e8a598bb9d66b29810b
229153c7c6646487031d2e5f8be0ec43a58bb341dcb5417fb0ae480efd4ac162
25b4e974dc91d718d1b66bf120388c20da6dfd3a886ec8401af1c269dd169a44
414277d359e2c453607104f2495ac2af09fa15c2ccaf2e485d3933e5727f348d
441e23601fe7525a142857c98cbb2784997579d51a17f736d7964dceee609709
4589441ac97df1033c946f3403b0199cfb05e8ba3e406e21013d1af6965dd06a
4ac65dcc5ed84285cfd19c18f2b715a53f07f708f34198aa96ed8b846a78ef58
4c0e86b58a95d6cc42324dc9f51d082538b49b3762b4b210accb9b190a58443b
5206536707c84baa892d3c3231b351985ee828cb8b9c0bd8db42cd3363995fc4
54c3efbdfca5f0a68b2fe25942ec652c41ae5ce6e07baca2b9f1a895409adfbe
565339bc4d33d72817b583024112eb7f5cdf3e5eef0252d6ec1b9c9a94e12bb3
5a33562cad9eb06c691cb48e26df44406a7eab40b986d508d0927d70d77dd0d2
5b38685c3ce8b9d7e1bdf8779cd7ac5983028f904dfeccdd350d83c416ba1c3d
5d0afd1aaec987be4abcb64c2c50f36969ba0248b8c9a9c8f6b091c6704c782d
68cc280ce370c6f1f51a4fc5950103fc38df80a429552c549add04ebd8bd3a23
6a8996a4866b94877454218ae2202c8d1ac982a1a7d4870b07820d1b88fd576a
6acd54f2994ad7633ebed65bf2bf2349922118b715731763482a6cb2f802bf18
6d85c6b6712f50bf6b61aeb1d96103d99903abb4d3fdba53ccf96552d9f86fcf
752ac7b6a1d83373e07af1ee17b3a0e4a304e9b9304b55e49d93c7ab6a1c394e
79caa592cde5bfd0a417bf66926410d967a5334c9f0d1990671456e5bd4f5ce8
86e6459d734e4861ef736467ab64fc8b433923d940fd39271fd923ae2c34f9b0
8b9a81cdb6691427b5b3eda44631051eac0ffa17fe9c668a935ea5ad8613c137
99c2917ee5b2a01459a923bdd1c676f15ee73b62b87f696e6735312d26f51e12
9d1d52b444c1502f4c23e43b6747412c054ca65157dfe908d599dedff425d626
9e056e574bfbca2ce3ec6cb73b68750db9bd29d91c3471add8b8db217f78a275
9e244e21f848716f05c2c06f04aa31e416ac2370fa7b3485b33b0d5689646937
a2df8a1ea57ff1a48259665a5aae51c21df18d91406f0a3e3623afb26c60c31d
aa7b6c81e85551eeb5c4809f1e683efa0b780c33d12ddfc2067a1b136803e45a
af5a9628858b383c6257068c476c25b5a8a6421b686a349a828c47f526e7f877
b122e173fb310c409d02c56e57eea40f1ea470fed839599c902b085d8fdb0129
b1da849f9ba52a0628eddab7ced3614feab840f94ef96ad7240fd34db334e39b
b8666c40390e333bbbef6b67ce910ed6fc73c7b7c4476f48b3be06fbe2198a2d
b8710e59c134288dfa22585733639c1e70b133850bf414ee097f9e73eb4d8eee
b8992e4434d384c07c613af5741baca4d6f676c3c1cc3a5fb7261971da9a888a
ba2e65e6de11b597587bdb304a49174e41a23ccd9bf20e7dec7fca7d07ffb439
bedfc97fc67ea23fe97336f8c0032203f1b08f889e0ee6bb3d8a2ff3da4f8baa
bf6806d8c92e228249230195772afe2e68791d52763b782be9aa2855fab3b641
c212f4b505a86352aed62b24a8f16f999f821ecbe6456c7f3c8a04bc87968782
c29898818975d404bc311ef4043893f26e1ad7b6c8760fe1984b3aba82444365
d8f9afbf492e4c139e9d2bcb9ba6ef7c14921eb509fb703bc7a3f911b774eff8
e2429bf9cf0854722b6fc7f3f271c01327ea542deaa5af9d2842cb5c8245c194
e2fed2719e47f4428f31b5f6d8584ed8b6848f9b3586644e070749341806344e
e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
e3e3dee05a65cbc73efd4dde6ab68ddfcf623cef6d983adadfbab83ef86a571a
e4222715b556e7d99622c83e620d2f8e090047e56adb07923047f95828d561f2
e5c2dd00df7892f31ac96aa60a9b2b2b28f90400fb38ffea648f1c9ba73769bc
e79b999464b8a504fef7e85f011be9ccdbd7442d324d6d6af8dbba5bb590a0c6
e9b29db4f9339b5c9320c9dc1a64c95d0b099c3529514803addc148ec8774b2c
ef1955ae757c8b966c83248350331bd3a30f658ced11f387f8ebf05ab3368629
f228a13c7c9b5b87a7375616c3407201c58302d58280cc4333829506b9c16ba5
f5152fbfc6611b1a02ea9165ba94b1da9faf3ca672095c1a6da3f6cfa6042bc6

www.tsb.co.nz Open in urlscan Pro 2001:8002:e22:ef00::3cfe:8ff1 Public Scan

Summary

urlscan.io Verdict: No classification

Domain & IP information

Screenshot Live screenshot Full Image

Page Title

Page URL History Show full URLs

Detected technologies

Page Statistics

80 Requests

94 %HTTPS

41 %IPv6

18 Domains

26 Subdomains

21 IPs

4 Countries

1080 kBTransfer

3388 kBSize

23 Cookies

6 Outgoing links

Page URL History

Redirected requests

80 HTTP transactions Everything HTML Script AJAX CSS Image Expand all 7 data transactions

Request headers

Response headers

Redirect headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

Request headers

Response headers

www.tsb.co.nz Open in urlscan Pro
2001:8002:e22:ef00::3cfe:8ff1 Public Scan

Screenshot
Live screenshot

Full Image

80
Requests

94 %
HTTPS

41 %
IPv6

18
Domains

26
Subdomains

21
IPs

4
Countries

1080 kB
Transfer

3388 kB
Size

23
Cookies

80 HTTP transactions
7 data transactions