GET
H2
|
200
|
Primary Request
/
Show response
www.flagstar.com/
Redirect Chain
-
http://mynycb.com/
-
https://mynycb.com/
-
https://www.mynycb.com/
-
https://www.flagstar.com/
|
274 KB
34 KB
|
308ms
227ms
|
Document
text/html |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 41b3f21d187e8e772fe658c1afd0a836d079873e8b0cb15630325b0df448da97
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
Show response
www.flagstar.com/
|
212 KB
82 KB
|
52ms
50ms
|
Script
text/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 18bdc7909700de993fb5f08dc562d1cea796fc833bb6b9f294939216a78909c1
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-base.fe3f110d18d4c7e40aef00a38e92e49f.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
214 KB
16 KB
|
84ms
83ms
|
Stylesheet
text/css |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.fe3f110d18d4c7e40aef00a38e92e49f.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 9d6c8b30f7e100ee333e01d26dc76c05bc88c8db65585390f7159952c2805f15
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
4 KB
5 KB
|
84ms
83ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-common.3eb7a162166ff06ffd28c4cd55a66762.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 5d2fd2417b6b7947a591339e14fea06b882e12b780955ffc062d5bed534d9bbf
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
launch-bc7a3f427c28.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/
|
272 KB
73 KB
|
146ms
47ms
|
Script
application/x-javascript |
2a02:26f0:3500:591::1e80
AKAMAI-ASN1
|
|
|
GET
H2
|
200
|
clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
182 KB
42 KB
|
64ms
63ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-autonumeric.d47f6d13b8b6fba73490357cd7b2bc71.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 82a5f96383e36ec0b545815cd2b03b0fbef250ec1957cd686a9b08cad3cc608b
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H/1.1
|
200
OK
|
deployment.js
Show response
c.la5-c1cs-ia5.salesforceliveagent.com/content/g/js/60.0/
|
42 KB
43 KB
|
922ms
212ms
|
Script
application/javascript |
13.110.255.221
SALESFORCE
|
|
|
GET
H2
|
200
|
clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
0
3 KB
|
85ms
84ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
0
3 KB
|
84ms
83ms
|
Stylesheet
text/css |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-dependencies.d41d8cd98f00b204e9800998ecf8427e.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
267 KB
46 KB
|
65ms
64ms
|
Stylesheet
text/css |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- bb9467710e1a952c83b8c3d11603e2a83880e27ec4a4ca3803288e02cf3275d8
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
help-circle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
831 B
4 KB
|
74ms
73ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/help-circle.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 25042f6994a65e8b585909f22a8e983e6d2fec1cc3b88a0a85df6fea3ebe10fb
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
map-pin.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
611 B
3 KB
|
73ms
73ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/map-pin.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 1a584616981963ae61992fee36f95da1ca96818a1c68695354bd899e32307429
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
globe.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
844 B
4 KB
|
52ms
52ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/globe.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 84551b2fc5b4daf2d89a4bb712509343abf84878723f814701d42cd050237e7d
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
Logo.png
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
10 KB
13 KB
|
49ms
49ms
|
Image
image/png |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/Logo.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- def9e061c234084f9709283b1982131b725bcc68b2ed4581f54d322103ee2f02
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
5 KB
|
47ms
47ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_checking-savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f453487a4e177cda0bbace5eb1ba7f468936488b95769b3de17349967e8fab9e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_debit-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
45ms
45ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_debit-credit-cards.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e95e113bfeb440a09cd08c80ee6dd2c15931a4851163a0d8075135d57f6c131c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_ways-to-bank.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
58ms
57ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_ways-to-bank.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 6e883915424fc156cca96b72d20b7ca928799d6d1d3b075db0d0eca941972915
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_buy-a-home.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
49ms
48ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_buy-a-home.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 92b60026dfcc6eb3bf8631ec3c25138b31110706ceec72d087c6e5b5fc8a5cab
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_get-cash.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
48ms
48ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_get-cash.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f5954f0a829c02a8c57d814c998de13afa8d91f62cffdfe316c024bed3262d2e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_purchase-a-vehicle.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
51ms
51ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_purchase-a-vehicle.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e0731a9c84bce53cb2a4ecaf08dc811585971a899fcbbb8d79e340efe56dcd95
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_flagstar-wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
6 KB
5 KB
|
44ms
44ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_flagstar-wealth-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 96387be010f65288928b24d9445e88bcdb99e30664b7d2d595a7ccda6f1c4dc6
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_financial-solutions.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
54ms
54ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_financial-solutions.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 3475c512749c10abccdeffe33c396580e23098635ab83c9f7d2987c076a457c6
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_insights.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
84ms
77ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_insights.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 923a8d9740f94f5c08fcd2f3be048e8689441a216c3be5c0784797d5017d02d5
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_tools-calculators.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
48ms
42ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_tools-calculators.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 70740bb39befcad42f09bbff8a78e7f0503e3e4bf6361c858cea9423c8ad558c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_how-to-guides.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
55ms
49ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_how-to-guides.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e2cdba8b1ff0a5dc4a5f88b397ec0789788233467372c668ff43a5cb535dba27
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_faqs.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
1 KB
4 KB
|
59ms
52ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_faqs.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- eba4e1c2cce29282aa8fa6dd71e6046399b06e5d408e2f4c2c2763642572c842
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_sign-up.svg
www.flagstar.com/content/dam/newco/personal/banking/icons/
|
1 KB
4 KB
|
50ms
43ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/icons/icon-card_sign-up.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 27a930e516d39f72356590a4e737515c95aa3a9969b6c2fc12075710f9032998
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-checking-savings.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
59ms
53ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-checking-savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a1d3a3e26c91ba85b3d9ac92db5f8335ea6994994a2538d4f47f5e919439d4c8
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-credit-cards.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
51ms
45ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-credit-cards.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 606ceda8954b51480b26eb5e9abd2d26d4d481d7dedeaa6afcec3ee5d6b39227
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-loans.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
11 KB
5 KB
|
53ms
48ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-loans.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 090dccdc949d234690ab3c5084c4683087813babb20a034e37868642a63434dc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_business-lines-of-credit.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
92ms
86ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_business-lines-of-credit.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 804454a2c411d8bb3a19ab0c282698955089bdd1f3e7114f880d85e919eb5910
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_commercial-mortgage.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
6 KB
4 KB
|
74ms
68ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_commercial-mortgage.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 4b7f19f0359b200b661e8f6ddd6cb71c15a213a1e944d16df9f4477cf616ec8c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_treasury-management1.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
81ms
76ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management1.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_wealth-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
73ms
67ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 33dbf9d3f5f3d7695cd1c9753c24113044b3c1aa2cd21771fc5580327c0d5c28
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_sectors.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
70ms
65ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_sectors.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- def3cd591fff9b3958866afefa7cf7321de1d902dc9b85749986d6bc637deaf9
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_treasury-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
88ms
82ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_treasury-management.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 41f0262e4439fcfbf92a8d51e0000cc3d22ee052dedfef3f6d05e1a972e85bcc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_banking-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
75ms
69ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_banking-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 38bc96c8a0910f32a8fcda24fdeaf7a9a5ce6ba89087e3be7b3200f75edbbd34
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_investment-services.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
90ms
85ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_investment-services.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 9fc5fc887e2a0ad18a5136f7a2132ebcca631ca61e8669c52197a849c1b1aca1
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_private-banking.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
3 KB
4 KB
|
94ms
89ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_private-banking.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 97df66242f23aaeb6bbc7d5e8c021a11c1bad6c4b5288ec452ee527862bc3b8c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_credit-lending.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
4 KB
4 KB
|
80ms
75ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_credit-lending.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 801847061fa3bd28e46114c9091fd9f5997d929e74375a438a7aa7af517ffcf6
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_wealth-management.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
83ms
78ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_wealth-management.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 475123a04af4e549385e696417bd320a5bce09c8e380c91522041e00d2c22173
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_about-us.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
1 KB
4 KB
|
85ms
80ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_about-us.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 9f7ef3b405d900ff0a094366a371e588b2b237bc32ee0ba137dd9867a2f20d7a
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_our-approach.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
93ms
88ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_our-approach.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- b44994c64a6b67108462fe811a6ac32b4ea7bd9749931714c1d325b217841a67
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_specialized-expertise.svg
www.flagstar.com/content/dam/newco/global-navigation-icons/
|
2 KB
4 KB
|
86ms
81ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global-navigation-icons/icon-card_specialized-expertise.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f7cdf1b99e51212475107d8ee46cc03546111d482fc00c4708d76c9c2cffde17
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
answers.css
assets.sitescdn.net/answers-search-bar/v1.5/
|
103 KB
13 KB
|
155ms
76ms
|
Stylesheet
text/css |
2606:4700::6811:1754
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
answers.min.js
Show response
assets.sitescdn.net/answers-search-bar/v1.5/
|
434 KB
116 KB
|
174ms
95ms
|
Script
text/javascript |
2606:4700::6811:1754
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
answerstemplates.compiled.min.js
Show response
assets.sitescdn.net/answers-search-bar/v1.5/
|
81 KB
21 KB
|
75ms
74ms
|
Script
text/javascript |
2606:4700::6811:1754
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
Answers.js
Show response
www.flagstar.com/content/dam/newco/script/
|
628 B
4 KB
|
41ms
41ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/script/Answers.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 4de9a2e13a638feaef7cfe74c34a7cf7876a971d6eaab169d59a7e383f5aa75e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
Megaphone%201.svg
www.flagstar.com/content/dam/newco/global/icons/
|
886 B
4 KB
|
78ms
73ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global/icons/Megaphone%201.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 035c84a3e7aad2af24632b56b6c54926db5439e9172dd5a7e0dcc0f345f3fe77
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_mobile-debit-card.svg
www.flagstar.com/content/dam/newco/icons/
|
2 KB
4 KB
|
83ms
79ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/icons/icon-card_mobile-debit-card.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e18a31e36435d1ab770385bc4891cba9ede46bf18e2852e4871ebbe1de50cac0
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_savings.svg
www.flagstar.com/content/dam/newco/icons/
|
4 KB
4 KB
|
91ms
87ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/icons/icon-card_savings.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 2e4240ea75a8fc43a0d1b9067ab501efde70576e4e811dc9ee0e8fa876281aaf
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card-buy-a-home.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
2 KB
4 KB
|
96ms
92ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card-buy-a-home.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 80ec0dcc431f5cf7624cb80dd997256ce3980dc4ca1c382283751e5e6738cd42
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_A-fresh-start-to-your-finances.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
|
14 KB
17 KB
|
69ms
66ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/learn/card-images/card_A-fresh-start-to-your-finances.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 6d4cbdb138a5c650518bbafc02db8f5dd41939523f911f954fee1148a38a19a0
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_save-the-Easy-Way-With-Automatic-Transfers.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
|
34 KB
37 KB
|
87ms
84ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/learn/card-images/card_save-the-Easy-Way-With-Automatic-Transfers.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- aeb96cc035a20b78028201732268893f1065705c287a740ed94a5613815c2c25
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_Take-a-day-off-from-spending.jpg
www.flagstar.com/content/dam/newco/learn/card-images/
|
39 KB
42 KB
|
74ms
70ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/learn/card-images/card_Take-a-day-off-from-spending.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 96dc05a6fe5a3e1b2618ea2311e7351ac4676de79cf0cdd209a1b2f12a48107b
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_calculator
www.flagstar.com/content/dam/newco/global/icons/
|
2 KB
4 KB
|
197ms
193ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/global/icons/icon-card_calculator
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- e269b0b63b7b5e183e60cefac1e9cc41fc930789a18dc497384b427aa74ea1cb
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_first-time-home-buyer.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
2 KB
4 KB
|
94ms
90ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_first-time-home-buyer.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 49053fa023e05f72834fb4858b8b6ea2ea9864f7a17113b3c42a425a2939adb4
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_mortgage-approved-or-closed-home-loans.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
3 KB
4 KB
|
99ms
96ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_mortgage-approved-or-closed-home-loans.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 436098c0c6fe572bbaaea00d2293bc100c536e75592dc9bd73371eb1a09bea94
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
icon-card_connect.svg
www.flagstar.com/content/dam/newco/personal/borrowing/icons/
|
3 KB
4 KB
|
98ms
95ms
|
Image
image/svg+xml |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/borrowing/icons/icon-card_connect.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- be235aeef05250ebd0496e4aff893fc4c2a0f459a18c2326517880b1fa779dea
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_about-flagstar.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
|
28 KB
31 KB
|
94ms
91ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_about-flagstar.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 022866fe426eaaadfb99d714ee1758358cecb9321084b8ae088749b375b64920
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_community-involvement.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
|
57 KB
60 KB
|
104ms
101ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_community-involvement.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 8b8e6dd018656e2051b99145f8a306111351b21bcc97d67debb41b3f8f7a33ca
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
card_diversity-equity-and-inclusion.jpg
www.flagstar.com/content/dam/newco/about-flagstar/content-cards/
|
19 KB
22 KB
|
99ms
97ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/about-flagstar/content-cards/card_diversity-equity-and-inclusion.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- c25b79f044d5037c9792be55ae6b3cf18a56da5df5bd344431188ebaab031c03
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-site.6b1c95bf01579ca3637563e8c4ceec94.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
48 KB
13 KB
|
47ms
47ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.6b1c95bf01579ca3637563e8c4ceec94.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 3c75d6536e05e7ffc5be6a9733bf69e502ef63d60a872006de2b4c79ed33e2c4
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
container.027d01df25f17066242db969c9bf2ade.js
Show response
www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/
|
6 KB
2 KB
|
59ms
58ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/core/wcm/components/commons/site/clientlibs/container.027d01df25f17066242db969c9bf2ade.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- fe05972ec9e5bdd020c2cbdeae20d95d5643888ee2198c4ebf1145b1d60d30ff
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
csrf.a9dcac4698709ca8e1cbc88363cf0793.js
Show response
www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/
|
10 KB
3 KB
|
53ms
53ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- ca3fdf8e723931b1d002a556813d3a80fde72f2ccdc755b0b253f619bb872f65
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js
Show response
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/
|
159 KB
32 KB
|
60ms
60ms
|
Script
application/javascript |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-base.4907a5550cdc35d1f9202c20e377c3dd.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a7382dd06b3e2279c5e4046426b583c17f7bfd30377033a2049d1f7f1a13ddfe
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
FooterLogo.png
www.flagstar.com/content/dam/newco/footer/
|
5 KB
8 KB
|
101ms
99ms
|
Image
image/png |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/FooterLogo.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 0bbcb1c065db429b64f24825abb404ee8795be695d726894813bddcb462476bf
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
facebook.png
www.flagstar.com/content/dam/newco/footer/
|
3 KB
6 KB
|
102ms
100ms
|
Image
image/png |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/facebook.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a71bd54a0b412e2a987daa67d5203169a5973349249e9e563ebe78f9460ff2c1
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
twitter.png
www.flagstar.com/content/dam/newco/footer/
|
3 KB
6 KB
|
96ms
93ms
|
Image
image/png |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/twitter.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- b262089aff66440a9664b16bc5541050a728ca80ce98c8756bd10353e5edde5d
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
linkedin.png
www.flagstar.com/content/dam/newco/footer/
|
3 KB
6 KB
|
100ms
98ms
|
Image
image/png |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/footer/linkedin.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 89d46740e95d2d1e4f6d2b54f569e319515b0d89426ccfa4c33f13e1ca4ab6bc
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
fbevents.js
Show response
connect.facebook.net/en_US/
|
219 KB
59 KB
|
148ms
43ms
|
Script
application/x-javascript |
2a03:2880:f084:d:face:b00c:0:3
FACEBOOK
|
|
General
- Full URL
- https://connect.facebook.net/en_US/fbevents.js
- Requested by
- Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2a03:2880:f084:d:face:b00c:0:3
Frankfurt am Main, Germany,
ASN32934
(FACEBOOK, US),
- Reverse DNS
- Software
-
/
- Resource Hash
- ebcc80bf5e0568d173b31bee579c02a725832f916de3656f7a36f94df865d168
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; |
Strict-Transport-Security |
max-age=31536000; preload; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
DENY |
X-Xss-Protection |
0 |
|
GET
DATA
|
200
OK
|
truncated
/
|
718 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
Fellix-Medium.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
54 KB
|
63ms
63ms
|
Font
font/woff |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Medium.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- d9f9c1b8a5fa5db59d5f705edc27e4a3ffe9eedbcc225e622d2f8055c99f761c
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
Fellix-Regular.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
54 KB
|
62ms
62ms
|
Font
font/woff |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Regular.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- bb0c0db8ccc7938c8d17d623e5e4055f8790a51a40c78f8fe57c2e24bbed567b
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
token.json
Show response
www.flagstar.com/libs/granite/csrf/
|
2 B
137 B
|
211ms
211ms
|
XHR
application/json |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/libs/granite/csrf/token.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 44136fa355b3678a1146ad16f7e8649e94fb4fc21fe77e8310c060f61caaff8a
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
otSDKStub.js
Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/
|
20 KB
7 KB
|
202ms
135ms
|
Script
application/x-javascript |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/otSDKStub.js
- Requested by
- Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 8c1d20eedda5c5fd996d82d5d3b87a3a6da24735fe96458bff21d13d3cc1d1e1
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
DATA
|
200
OK
|
truncated
/
|
572 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
hero-2_ready-checking0324.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/
|
63 KB
66 KB
|
66ms
49ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_ready-checking0324.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 75b249c7e3dfbfac8c0f8355dfd581ae8d2640a7853f9545f8022b75295d6978
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
DATA
|
200
OK
|
truncated
/
|
448 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
feature_mobile-app.jpg
www.flagstar.com/content/dam/newco/personal/banking/feature-images/
|
126 KB
129 KB
|
51ms
42ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/feature-images/feature_mobile-app.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 36eb0ab37a2e2255bdff59a124eb2fac1fdec82f51f1b05be98f93b48116094e
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
DATA
|
200
OK
|
truncated
/
|
387 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
Fellix-SemiBold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
55 KB
|
56ms
47ms
|
Font
font/woff |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-SemiBold.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 850738adf5732aeff29a17ba8804213f8073f9f2b7d5021b1ff6f1324c8ca9b9
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
|
|
v84a3a4012de94ce1a686ba8c167c359c1696973893317
static.cloudflareinsights.com/beacon.min.js/
|
0
0
|
|
|
|
|
|
GET
DATA
|
200
OK
|
truncated
/
|
485 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
DATA
|
200
OK
|
truncated
/
|
4 KB
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
pnapi_integration-latest.min.js
Show response
solutions.invocacdn.com/js/
|
124 KB
40 KB
|
225ms
57ms
|
Script
text/javascript |
13.224.189.35
AMAZON-02
|
|
|
GET
H2
|
200
|
hero-2_ready-checking0324.jpg.thumb.1121.1121.jpg
www.flagstar.com/content/dam/newco/personal/banking/hero-images/
|
63 KB
66 KB
|
43ms
43ms
|
Image
image/jpeg |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/content/dam/newco/personal/banking/hero-images/hero-2_ready-checking0324.jpg.thumb.1121.1121.jpg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 0d75e46efa71b6e8fcadaab864129cb1f0adad20b3a05fd040898056c106bb5d
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net https://*.evergage.com; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com https://*.evergage.com;frame-src 'self' *.flagstar.com *.youtube.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H/1.1
|
200
OK
|
MultiNoun.jsonp
Show response
d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/
|
226 B
591 B
|
881ms
108ms
|
Script
text/javascript |
13.109.188.112
SALESFORCE
|
|
General
- Full URL
- https://d.la2-c2-iad.salesforceliveagent.com/chat/rest/System/MultiNoun.jsonp?nouns=VisitorId,Settings&VisitorId.prefix=Visitor&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_256_GCM
- Server
-
13.109.188.112
, United States,
ASN14340
(SALESFORCE, US),
- Reverse DNS
- dcl13-ncg1-c5-iad4.la2-c2-ia4.salesforceliveagent.com
- Software
-
/
- Resource Hash
- 722df4e67cf42adc66d3b57548cb55288b8b6ac489d189302c86668741018262
- Security Headers
-
Name |
Value |
X-Content-Type-Options |
nosniff |
|
POST
H2
|
200
|
3202410
answers.yext-pixel.com/realtimeanalytics/data/answers/
|
0
319 B
|
292ms
136ms
|
Ping
text/plain |
2606:4700::6811:45f
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json
Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/
|
4 KB
2 KB
|
138ms
75ms
|
XHR
application/x-javascript |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/b3668a5d-7fcb-4aeb-a671-a8393e2792ff.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 1c7d1349c2d47c2f850923ef3948b5ec6b8ec9647edd2cf281a23bf6689e2777
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
1507898736628275
Show response
connect.facebook.net/signals/config/
|
56 KB
12 KB
|
205ms
204ms
|
Script
application/x-javascript |
2a03:2880:f084:d:face:b00c:0:3
FACEBOOK
|
|
General
- Full URL
- https://connect.facebook.net/signals/config/1507898736628275?v=2.9.152&r=stable&domain=www.flagstar.com&hme=c3a545c63044e8e9102d4f32d84a1137594d024f28e801d670bc76dc5c075575&ex_m=67%2C112%2C99%2C103%2C58%2C3%2C93%2C66%2C15%2C91%2C84%2C49%2C51%2C158%2C161%2C172%2C168%2C169%2C171%2C28%2C94%2C50%2C73%2C170%2C153%2C156%2C165%2C166%2C173%2C121%2C14%2C48%2C178%2C177%2C123%2C17%2C33%2C38%2C1%2C41%2C62%2C63%2C64%2C68%2C88%2C16%2C13%2C90%2C87%2C86%2C100%2C102%2C37%2C101%2C29%2C25%2C154%2C157%2C130%2C27%2C10%2C11%2C12%2C5%2C6%2C24%2C21%2C22%2C54%2C59%2C61%2C71%2C95%2C26%2C72%2C8%2C7%2C76%2C46%2C20%2C97%2C96%2C9%2C19%2C18%2C81%2C53%2C79%2C32%2C70%2C0%2C89%2C31%2C78%2C83%2C45%2C44%2C82%2C36%2C4%2C85%2C77%2C42%2C39%2C34%2C80%2C2%2C35%2C60%2C40%2C98%2C43%2C75%2C65%2C104%2C57%2C56%2C30%2C92%2C55%2C52%2C47%2C74%2C69%2C23%2C105
- Requested by
- Host: connect.facebook.net
URL: https://connect.facebook.net/en_US/fbevents.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2a03:2880:f084:d:face:b00c:0:3
Frankfurt am Main, Germany,
ASN32934
(FACEBOOK, US),
- Reverse DNS
- Software
-
/
- Resource Hash
- 5e0b77012fd149ec9325c18ce21e4d78c543000caee33f006f6a1e054d7ab22f
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;script-src *.fbcdn.net *.facebook.net 'unsafe-inline' 'unsafe-eval' blob: data: 'self';style-src data: blob: 'unsafe-inline' facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;connect-src *.fbcdn.net *.facebook.net wss://*.fbcdn.net attachment.fbsbx.com blob: 'self';img-src 'self' data: blob: facebook.net *.facebook.net fbcdn.net *.fbcdn.net fbsbx.com *.fbsbx.com;block-all-mixed-content;upgrade-insecure-requests;report-uri https://www.facebook.com/csp/reporting/?m=c&minimize=0;require-trusted-types-for 'script'; |
Strict-Transport-Security |
max-age=31536000; preload; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
DENY |
X-Xss-Protection |
0 |
|
GET
H2
|
200
|
tag-live.js
Show response
solutions.invocacdn.com/js/networks/1429/2586959106/
|
9 KB
2 KB
|
45ms
45ms
|
Script
text/javascript |
13.224.189.35
AMAZON-02
|
|
|
GET
H2
|
200
|
otBannerSdk.js
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/
|
430 KB
105 KB
|
46ms
46ms
|
Script
application/javascript |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/otBannerSdk.js
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- a6972c49e66fe3c5026a1a1e26a06c49995cec36fc522cb56461f5cf0b2b2978
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H/1.1
|
200
OK
|
na.jsonp
Show response
pnapi.invoca.net/1429/
|
197 B
387 B
|
523ms
141ms
|
Script
text/html |
54.163.174.61
AMAZON-AES
|
|
General
- Full URL
- https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22calling_page%22%3A%22%2F%22%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22journey%22%3A%22%2F%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22invoca_id%22%3A%22i-5c409210-a94f-413c-b7b2-9538e469bec1%22%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A17%2C%22platform%22%3A%22Win32%22%2C%22screenWidth%22%3A800%2C%22screenHeight%22%3A600%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22beaconSupported%22%2C%22counter%22%5D%5D&jsoncallback=json_rr1&
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_128_GCM
- Server
-
54.163.174.61
, United States,
ASN14618
(AMAZON-AES, US),
- Reverse DNS
- ec2-54-163-174-61.compute-1.amazonaws.com
- Software
-
/
- Resource Hash
- 918a2da9914b4bbc7a923bef0b15db54db79c465f7225c238ac1f22041d0ae58
|
GET
H2
|
200
|
en.json
Show response
cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/
|
77 KB
17 KB
|
56ms
56ms
|
Fetch
application/x-javascript |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/consent/b3668a5d-7fcb-4aeb-a671-a8393e2792ff/3394215e-8369-4433-bdea-3563b309ec6b/en.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 27a1c8f923d6e59c604e23b86d1635e5edcec6b40b42a7c30c8b30565d2dd566
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otFlat.json
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/
|
13 KB
3 KB
|
43ms
43ms
|
Fetch
application/json |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otFlat.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- f4aaa18c55c90588c5e828e56dcc6b2cb0acf9a4280494c7d1a53fc5e3669112
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otPcTab.json
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/
|
63 KB
13 KB
|
44ms
43ms
|
Fetch
application/json |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/v2/otPcTab.json
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- d18f313f2489ed91cd15cf94a1e5668b8b0da8318f593d980228000a1757702f
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
otCommonStyles.css
Show response
cdn.cookielaw.org/scripttemplates/202401.2.0/assets/
|
21 KB
4 KB
|
49ms
49ms
|
Fetch
text/css |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/scripttemplates/202401.2.0/assets/otCommonStyles.css
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- d3f7b0ec4de079928a999641e781e80f33597a392a561bc460276dfb4efb6eec
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
ot_close.svg
cdn.cookielaw.org/logos/static/
|
651 B
600 B
|
45ms
45ms
|
Image
image/svg+xml |
2606:4700::6813:b234
CLOUDFLARENET
|
|
|
GET
H2
|
200
|
Fellix-Bold.woff
www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/
|
51 KB
55 KB
|
44ms
44ms
|
Font
font/woff |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site/resources/fonts/Fellix-Bold.woff
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/aem-flagstar/clientlibs/clientlib-site.fb39674ef980279b90b8f74765fc7f14.css
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- fe0f33a2350724f28a0cc88dde554347b209fc0b3077a579072e830dc38d2f74
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
ot_guard_logo.svg
Show response
cdn.cookielaw.org/logos/static/
|
497 B
490 B
|
47ms
47ms
|
Fetch
image/svg+xml |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/logos/static/ot_guard_logo.svg
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 691dcdb24853a0f5ce4e6597e5713dea66799b57ffe2c2a10f28f98e0b569b19
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
FlagstarLogo.png
cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/
|
4 KB
4 KB
|
44ms
44ms
|
Image
image/png |
2606:4700::6813:b234
CLOUDFLARENET
|
|
General
- Full URL
- https://cdn.cookielaw.org/logos/fece6da3-6c93-46cb-8681-184cab7c0c91/1900e3f8-1fc1-45c1-8af1-c1c929d00bdd/5b7ef6ff-4828-48d7-a216-676a7b8dd43d/FlagstarLogo.png
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2606:4700::6813:b234
, United States,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 58216c10226af4d1473ae3f58dc88dccc9bbbc25f0a7a29ed04476f89b7fc636
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains; preload |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
powered_by_logo.svg
cdn.cookielaw.org/logos/static/
|
5 KB
2 KB
|
43ms
42ms
|
Image
image/svg+xml |
2606:4700::6813:b234
CLOUDFLARENET
|
|
|
POST
H2
|
200
|
interact
Show response
adobedc.demdex.net/ee/v1/
|
731 B
922 B
|
194ms
76ms
|
Fetch
application/json |
63.140.62.17
AMAZON-02
|
|
General
- Full URL
- https://adobedc.demdex.net/ee/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=d02401e6-3de2-4ec9-8045-8c6f98f8eafa
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
63.140.62.17
, United States,
ASN16509
(AMAZON-02, US),
- Reverse DNS
- ip-63-140-62-17.data.adobedc.net
- Software
-
jag /
- Resource Hash
- bb694533be9c29f2512d22a56a8955d6a4dd2028da24e64388afbe73ef1dbe1e
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Xss-Protection |
1; mode=block |
|
GET
H/1.1
|
200
OK
|
Settings.jsonp
Show response
d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/
|
720 B
712 B
|
447ms
106ms
|
Script
text/javascript |
13.110.254.28
SALESFORCE
|
|
General
- Full URL
- https://d.la5-c1-ia5.salesforceliveagent.com/chat/rest/Visitor/Settings.jsonp?sid=2cec2fbe-3457-4ed4-b519-2593e02e3296&Settings.prefix=Visitor&Settings.buttonIds=[57316000000D7Cz,57316000000D7D4,57316000000D7Cp]&Settings.updateBreadcrumb=1&Settings.urlPrefix=undefined&callback=liveagent._.handlePing&deployment_id=57216000000HIZN&org_id=00DG0000000Bvr7&version=60
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_256_GCM
- Server
-
13.110.254.28
, United States,
ASN14340
(SALESFORCE, US),
- Reverse DNS
- dcl9-ncg1-c6-iad5.la5-c1-ia5.salesforceliveagent.com
- Software
-
/
- Resource Hash
- a00e73bcc133e834c8daec18a33c23f3f2def217cd626f4c979b0374d63a68aa
- Security Headers
-
Name |
Value |
X-Content-Type-Options |
nosniff |
|
GET
H2
|
200
|
iframe_api
Show response
www.youtube.com/
|
993 B
2 KB
|
187ms
93ms
|
Script
text/javascript |
2a00:1450:4001:810::200e
GOOGLE
|
|
General
- Full URL
- https://www.youtube.com/iframe_api
- Requested by
- Host: assets.adobedtm.com
URL: https://assets.adobedtm.com/7dbad9752923/36b7dda228e9/launch-bc7a3f427c28.min.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
2a00:1450:4001:810::200e
Frankfurt am Main, Germany,
ASN15169
(GOOGLE, US),
- Reverse DNS
- Software
-
ESF /
- Resource Hash
- e4d5c28787419e7eaee569549d12df6ea9b1e7aa76e6f2a08b28ab812bfc1486
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000 |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
0 |
|
GET
H2
|
200
|
RC932eb8ff10dd4ad4a107497eae6b5445-source.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/b9134b1a6b32/
|
751 B
665 B
|
50ms
50ms
|
Script
application/x-javascript |
2a02:26f0:3500:591::1e80
AKAMAI-ASN1
|
|
|
GET
DATA
|
200
OK
|
truncated
/
|
714 B
0
|
|
Image
image/svg+xml |
|
|
|
GET
H2
|
200
|
favicon.ico
www.flagstar.com/
|
15 KB
10 KB
|
59ms
59ms
|
Other
image/x-icon |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/favicon.ico
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 930a9e10430daabc159f18878082a300d13832fb01291049600928d4a7b64c69
- Security Headers
-
Name |
Value |
Content-Security-Policy |
default-src 'none'; connect-src 'self' *.foresee.com *.evergage.com edge.adobedc.net https://cdn.cookielaw.org https://www.googletagmanager.com https://stats.g.doubleclick.net https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://maps.googleapis.com *.demdex.net *.yext.com https://answers.yext-pixel.com *.yextapis.com;font-src 'self' data: https://fonts.gstatic.com/ https://fonts.googleapis.com https://use.typekit.com *.pgsdemo.com *.pagescdn.com; media-src 'self'; object-src 'self'; form-action 'self' https://*.flagstar.com https://*.salesforce.com https://*.salesforceliveagent.com https://*.salesforce-sites.com; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://*.salesforceliveagent.com https://assets.sitescdn.net https://www.googleanalytics.com/ https://www.googleoptimize.com/ https://optimize.google.com/ https://www.googletagmanager.com https://maps.googleapis.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net assets.adobedtm.com https://pnapi.invoca.net https://solutions.invocacdn.com gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com/ https://use.typekit.com https://connect.facebook.net https://js.adsrvr.org/ https://cdn.evgnet.com https://*.evergage.com https://www.youtube.com assets.sitescdn.net *.pagescdn.com *.pgsdemo.com https://*.salesforce-sites.com;style-src 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com assets.sitecdn.net; style-src-elem 'self' 'unsafe-inline' https://assets.sitescdn.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://fonts.googleapis.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net gateway.foresee.com https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://maps.googleapis.com;frame-src 'self' *.flagstar.com *.demdex.net https://*.fls.doubleclick.net https://td.doubleclick.net https://optimize.google.com/ https://insight.adsrvr.org/ https://match.adsrvr.org/ https://cdn.evgnet.com https://*.flagstar.com https://*.fintactix.com *.pagescdn.com *.pgsdemo.com; frame-ancestors 'self' *.flagstar.com https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net; img-src 'self' *.foresee.com https://ad.doubleclick.net https://optimize.google.com/ https://www.googletagmanager.com https://www.googletagmanager.com/ https://www.googleadservices.com https://www.google-analytics.com https://developers.google.com https://maps.googleapis.com https://maps.gstatic.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://cdn.cookielaw.org https://privacyportal.onetrust.com https://geolocation.onetrust.com https://insight.adsrvr.org https://ib.adnxs.com/getuid https://match.adsrvr.org/track/cmf/appnexus https://dsum-sec.casalemedia.com/rum https://ups.analytics.yahoo.com/ups/55953/sync https://pixel.rubiconproject.com/tap.php data: blob: https://p.typekit.net https://www.facebook.com *.flagstar.com https://*.doubleclick.net;child-src 'self' https://www.googletagmanager.com https://www.googleadservices.com https://www.google-analytics.com https://bat.bing.com https://googleads.g.doubleclick.net https://www.google.com https://bid.g.doubleclick.net https://youtube.com; worker-src 'self'; manifest-src 'self'; |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
RC16d7e6bf9991438aae4d2fdf78410573-source.min.js
Show response
assets.adobedtm.com/7dbad9752923/36b7dda228e9/b9134b1a6b32/
|
1000 B
658 B
|
48ms
47ms
|
Script
application/x-javascript |
2a02:26f0:3500:591::1e80
AKAMAI-ASN1
|
|
|
POST
H2
|
200
|
interact
Show response
edge.adobedc.net/ee/irl1/v1/
|
522 B
710 B
|
199ms
75ms
|
Fetch
application/json |
63.140.62.27
AMAZON-02
|
|
General
- Full URL
- https://edge.adobedc.net/ee/irl1/v1/interact?configId=9b22fc34-b4de-46d2-90d2-b189eef9dca8&requestId=bfa1d703-e0c8-4ab8-aa32-734713b6f09a
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.3,
, AES_128_GCM
- Server
-
63.140.62.27
, United States,
ASN16509
(AMAZON-02, US),
- Reverse DNS
- ip-63-140-62-27.data.adobedc.net
- Software
-
jag /
- Resource Hash
- 94d8f1aec4cac91600ac7acaaee33f5c853bb1d53fad8cdfee2e2bfc071bb54f
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Xss-Protection |
1; mode=block |
|
GET
H2
|
200
|
www-widgetapi.js
Show response
www.youtube.com/s/player/1ced3a71/www-widgetapi.vflset/
|
216 KB
67 KB
|
45ms
45ms
|
Script
text/javascript |
2a00:1450:4001:810::200e
GOOGLE
|
|
|
GET
H/1.1
|
200
OK
|
na.jsonp
Show response
pnapi.invoca.net/1429/
|
197 B
386 B
|
150ms
150ms
|
Script
text/html |
54.163.174.61
AMAZON-AES
|
|
General
- Full URL
- https://pnapi.invoca.net/1429/na.jsonp?network_id=1429&js_version=4.30.6&tag_id=1429%2F2586959106&request_data_shared_params=%7B%22invoca_id%22%3A%22i-5c409210-a94f-413c-b7b2-9538e469bec1%22%2C%22utm_medium%22%3A%22direct%22%2C%22utm_source%22%3A%22direct%22%2C%22gcm_uid%22%3Anull%2C%22adobe_id%22%3A%22not_found%22%2C%22Agent%22%3Anull%2C%22branch_address%22%3Anull%2C%22branch_city%22%3Anull%2C%22branch_code%22%3Anull%2C%22branch_name%22%3Anull%2C%22branch_state%22%3Anull%2C%22calling_page%22%3A%22%2F%22%2C%22callTreatment%22%3Anull%2C%22CID%22%3Anull%2C%22currentURL%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22dclid%22%3Anull%2C%22Disposition%22%3Anull%2C%22e%22%3Anull%2C%22email_name%22%3Anull%2C%22ga_session_id%22%3Anull%2C%22gclid%22%3Anull%2C%22gclsrc%22%3Anull%2C%22g_cid%22%3A%22not_found%22%2C%22j%22%3Anull%2C%22jb%22%3Anull%2C%22journey%22%3A%22%2F%22%2C%22l%22%3Anull%2C%22Lead_Record_Type%22%3Anull%2C%22LOB%22%3Anull%2C%22mid%22%3Anull%2C%22msclkid%22%3Anull%2C%22offline_destination%22%3Anull%2C%22Opportunity_Record_Type%22%3Anull%2C%22Parent_Campaign_Name%22%3Anull%2C%22profile_name%22%3Anull%2C%22sk%22%3Anull%2C%22ua%22%3Anull%2C%22utm_campaign%22%3Anull%2C%22utm_content%22%3Anull%2C%22utm_term%22%3Anull%2C%22verified_zip%22%3Anull%7D&client_messages=%7B%7D&client_info=%7B%22url%22%3A%22https%3A%2F%2Fwww.flagstar.com%2F%22%2C%22referrer%22%3A%22%22%2C%22cores%22%3A17%2C%22platform%22%3A%22Win32%22%2C%22screenWidth%22%3A800%2C%22screenHeight%22%3A600%2C%22language%22%3A%22en-US%22%7D&request_data=%5B%7B%22request_id%22%3A%22%2B18882486423%22%2C%22advertiser_campaign_id_from_network%22%3A%22505764%22%2C%22params%22%3A%7B%22invoca_detected_destination%22%3A%22%2B18882486423%22%7D%7D%5D&destination_settings=%7B%22paramName%22%3A%22invoca_detected_destination%22%2C%22matchLocalNumbers%22%3Afalse%2C%22matchTollFreeNumbers%22%3Afalse%7D&metrics=%5B%5B%22initialLoad%22%2C1712671810167%5D%2C%5B%22startRun%22%2C1712671810223%5D%2C%5B%22startCollectPlacements%22%2C1712671810224%5D%2C%5B%22endCollectPlacements%22%2C1712671810244%5D%2C%5B%22startMapNumberRequest%22%2C1712671810244%5D%2C%5B%22endMapNumberRequest%22%2C1712671810771%5D%2C%5B%22endNumberReplacement%22%2C1712671810771%5D%2C%5B%22startWaitForData%22%2C1712671811246%5D%2C%5B%22endWaitForData%22%2C1712671812311%5D%5D&jsoncallback=json_rr2&
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/etc.clientlibs/clientlibs/granite/jquery/granite/csrf.a9dcac4698709ca8e1cbc88363cf0793.js
- Protocol
- HTTP/1.1
- Security
- TLS 1.2,
ECDHE_RSA, AES_128_GCM
- Server
-
54.163.174.61
, United States,
ASN14618
(AMAZON-AES, US),
- Reverse DNS
- ec2-54-163-174-61.compute-1.amazonaws.com
- Software
-
/
- Resource Hash
- c9d50766d2f8af9893ec669b38ce3dcd4b7f0b2e1f4bca788ef9f2c02a9609b2
|
POST
H2
|
200
|
rb_05a5443f-7bda-433a-9644-5a320a8634a5
Show response
www.flagstar.com/
|
120 B
237 B
|
153ms
152ms
|
Fetch
text/plain |
104.18.41.140
CLOUDFLARENET
|
|
General
- Full URL
- https://www.flagstar.com/rb_05a5443f-7bda-433a-9644-5a320a8634a5?type=js3&sn=v_4_srv_2_sn_4DCD2A65627287A7D9D499FD2C545D98_perc_100000_ol_0_mul_1_app-3A98c1425c91f9b0fe_1&svrid=2&flavor=post&vi=QRJHRUUNPMJFLCJTQKVAUUHUUSHNUSKM-0&modifiedSince=1712642825053&rf=https%3A%2F%2Fwww.flagstar.com%2F&bp=3&app=98c1425c91f9b0fe&crc=873049878&en=ov27eoh7&end=1
- Requested by
- Host: www.flagstar.com
URL: https://www.flagstar.com/ruxitagentjs_ICA7NVfghjqru_10285240307101407.js
- Protocol
- H2
- Security
- TLS 1.2,
ECDHE_ECDSA, AES_128_GCM
- Server
-
104.18.41.140
-, ,
ASN13335
(CLOUDFLARENET, US),
- Reverse DNS
- Software
-
cloudflare /
- Resource Hash
- 1758550d0fe27921324bceda912381a78f48c2496e8e0aba46c5fcf7ca034dfc
- Security Headers
-
Name |
Value |
Strict-Transport-Security |
max-age=31536000; includeSubDomains |
X-Content-Type-Options |
nosniff |
X-Frame-Options |
SAMEORIGIN |
X-Xss-Protection |
1; mode=block |
|